bookstrap-plan-research

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains hardcoded database credentials (--user root --pass root) within the SurrealDB connection examples in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external data.
      • Ingestion points: Untrusted data is retrieved from the Book Requirements Document (BRD) and from the existing research corpus stored in SurrealDB.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic.
      • Capability inventory: The skill uses the Bash tool for database interactions and agent delegation, and the Read tool for accessing local configuration files.
      • Sanitization: There is no evidence of input validation, escaping, or filtering of the content retrieved from the database before it is used to generate research tasks.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute shell commands for database operations and to invoke the corpus-analyst agent, which is a risk when those commands incorporate unsanitized inputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 16, 2026, 08:06 AM