Skills
skills/mary4data/clawbee/orchestrator/Gen Agent Trust Hub

orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the sqlite3 command-line tool to query a local database file at /data/workspace/pantry.db in the /plan weekly and /plan status commands.
  • [DATA_EXFILTRATION]: Data retrieved from the local database is formatted and sent to external services (Telegram and Discord) using environment variables ($TELEGRAM_CHAT_ID, $DISCORD_CHANNEL_ID) for targeting.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data into its reasoning process.
  • Ingestion points: Data is ingested from the local pantry.db (fridge contents) and from external web search results (supermarket prices).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when the agent processes the fridge items or search results.
  • Capability inventory: The skill can execute shell commands via sqlite3 and perform network requests to Telegram and Discord APIs.
  • Sanitization: There is no evidence of sanitization or validation of the data retrieved from the database or the web before it is used to generate the meal plan or shopping list.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 02:14 PM