meal-planner
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The shell script
scripts/save-plan.shis vulnerable to SQL injection by using unsanitized shell arguments in a database command. - The variables
$1,$2, and$3are interpolated directly into thesqlite3INSERT statement, allowing malicious input to break out of the query. - [COMMAND_EXECUTION]: The
/meals prefcommand instruction inSKILL.mdcontains a SQL injection vulnerability. - It encourages the agent to insert
<key>and<value>strings directly into asqlite3query, which can be exploited if the inputs contain single quotes or SQL control characters. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from a local database without boundaries or sanitization.
- Ingestion points: Data is read from the
fridgetable in/data/workspace/pantry.dbas shown in the/meals plancommand logic inSKILL.md. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt interpolation logic.
- Capability inventory: The skill can execute
bashscripts and performsqlite3operations on the filesystem. - Sanitization: No sanitization, escaping, or validation of the data retrieved from the database is performed before it is used to generate the meal plan.
Audit Metadata