journal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to use the
sqlite3CLI to interact with a database file at~/AI/journal.db, which requires command execution permissions on the host system. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it stores and retrieves untrusted textual data without markers or sanitization. Ingestion points: Data entered into the
contentfield of theentriestable via SQL. Boundary markers: None provided in the search or insert instructions. Capability inventory: Shell command execution viasqlite3and file system access. Sanitization: None; the agent is expected to perform raw string interpolation for SQL queries, which also creates a risk of SQL injection.
Audit Metadata