sql-injection-detector
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted external data (SQL queries and code snippets) to detect vulnerabilities. Ingestion points: The agent is triggered to scan content provided in user requests or external sources. Boundary markers: None are specified; there are no delimiters or instructions for the agent to ignore embedded commands. Capability inventory: The skill allows
Bash(npm:*),Write,Read, andGrep. Sanitization: None provided. This allows an attacker to embed instructions in a 'malicious SQL query' that the agent may execute using the Bash tool. - [Command Execution] (MEDIUM): The skill grants the agent broad access to the system via the
Bash(npm:*)andWritetools. While the skill metadata does not contain malicious code, the combination of these capabilities with an untrusted data processing task creates a high-risk surface.
Recommendations
- AI detected serious security threats
Audit Metadata