bookstrap-plan-write
Fail
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded root credentials (--user root --pass root) are used for SurrealDB CLI operations in SKILL.md.
- [COMMAND_EXECUTION]: The skill executes shell commands via Bash to interact with a local database instance.
- [DATA_EXFILTRATION]: Extensive extraction of structural book data and corpus content is performed using database queries.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: Data retrieved from 'brd', 'section', 'character', and 'location' tables in SKILL.md.
  - Boundary markers: No delimiters or protective instructions are used during data interpolation.
  - Capability inventory: Bash shell access and SurrealQL execution capabilities.
  - Sanitization: No validation or escaping is applied to database-sourced strings before they are used in logic.
- [DYNAMIC_EXECUTION]: The skill dynamically generates SurrealQL queries for pre-write and post-write operations based on data retrieved from the database, allowing for potential query injection if the database content is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata