shopping-agent
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `sqlite3` commands in `SKILL.md` to query meal plans and price information from a local database file located at `/data/workspace/pantry.db`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests data from a database and uses it to construct messages and optimization logic.
  1. Ingestion points: Meal plan and price data retrieved via `sqlite3` queries in `SKILL.md`.
  2. Boundary markers: None; the skill does not use delimiters or instructions to ignore embedded commands when processing database results.
  3. Capability inventory: Access to local database files and the ability to send messages to external channels (Telegram and Discord).
  4. Sanitization: No validation or sanitization is performed on the data retrieved from the database.
Audit Metadata