rocket-store
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes and stores external data without sanitization, creating a surface for indirect prompt injection.
  - Ingestion points: The `scripts/store_data.py` script accepts `data_json` directly from command-line arguments.
  - Boundary markers: Absent. No delimiters or warnings are used to distinguish stored data from agent instructions.
  - Capability inventory: The skill uses `Rocketstore` to perform file read and write operations on the local filesystem in `scripts/store_data.py`.
  - Sanitization: Absent. Data is parsed via `json.loads` and stored without content validation.
- [DATA_EXPOSURE]: The skill lacks sanitization for `collection` and `key` parameters in `scripts/store_data.py`, which could potentially be exploited for directory traversal to read or write files outside the intended storage area.
- [EXTERNAL_DOWNLOADS]: The skill depends on the `Rocket-Store` package from PyPI, which is a standard utility for file-based JSON storage.
- [PERSISTENCE_MECHANISMS]: The skill is designed to create persistent JSON records on the local filesystem, which is its primary stated purpose.
Audit Metadata