umami
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (
scripts/umami-summary.sh) to interact with the Umami API. The script uses environment variables for configuration and authentication. - [COMMAND_EXECUTION]: The authentication step in the bash script uses manual string interpolation to build a JSON payload for credentials. While these variables are provided by the user, this pattern is susceptible to JSON structure breaking if special characters are present in the username or password.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the processing of external API data.
- Ingestion points: Analytics data such as website names and domain names are fetched from the Umami API via
scripts/umami-summary.sh. - Boundary markers: The skill instructions provide a structural boundary by directing the agent to format the JSON output into a markdown table.
- Capability inventory: The skill is authorized to execute a bash script and perform network operations to the user-configured Umami instance.
- Sanitization: The script extracts data using
jqbut does not sanitize or escape the resulting strings before they are presented to the agent for formatting.
Audit Metadata