fridge-scanner
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts to manage a SQLite database. This allows the agent to run shell commands based on internal logic.
- [COMMAND_EXECUTION]: The
save-plan.shscript is vulnerable to SQL injection because it interpolates unvalidated shell arguments directly into a SQL command string. Since these arguments are generated from AI analysis of user-provided images, an attacker could manipulate the database. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via image analysis. Text instructions hidden in a fridge photo could override agent behavior (Category 8a).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via web search. Malicious content in price search results could influence the agent (Category 8c).
- Ingestion points: Image analysis and Web search (SKILL.md).
- Boundary markers: None present.
- Capability inventory: Shell script execution (bash) and database management (sqlite3).
- Sanitization: None detected for the plan or ingredient data before database insertion.
Audit Metadata