Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script with user input: `bash "$PLUGIN_ROOT/scripts/memory-manager.sh" search "query"`. This is susceptible to command injection if the query string contains shell metacharacters.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to reading untrusted data from local database tables.
  * Ingestion points: SQLite tables like `commitments`, `decisions`, and `ideas` in `secretary.db`.
  * Boundary markers: Absent; retrieved content is not delimited or quarantined from the agent's instructions.
  * Capability inventory: Access to Bash, Read, Glob, and Grep.
  * Sanitization: None; data retrieved from the database is interpolated directly into the response format without escaping or sanitization.
Audit Metadata