electric
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🔴 VERDICT: HIGH
This skill provides instructions and code snippets for integrating ElectricSQL with TanStack DB. The primary concern is the transmission of sensitive environment variables to an external, non-whitelisted domain, and the execution of commands that download unverified external code.
Total Findings: 4
🔴 HIGH Findings:
• Data Exfiltration of SOURCE_SECRET
- references/electric-docs.md: Line 48: The server-side code snippet sends process.env.SOURCE_SECRET! to https://api.electric-sql.cloud/v1/shape. While intended for the skill's functionality, this is a network operation transmitting sensitive environment variables to an external domain (electric-sql.cloud) that is not on the list of trusted external sources. This constitutes a data exfiltration risk.
🟡 MEDIUM Findings:
• Unverifiable Dependencies & Command Execution (gitpick)
- references/electric-docs.md: Line 64: The instruction npx gitpick electric-sql/electric/tree/main/examples/tanstack-db-web-starter downloads and executes code from a GitHub repository (electric-sql/electric) which is not part of the trusted GitHub organizations. This poses a risk as the content cannot be verified at analysis time and could contain malicious code.
• Unverifiable Dependencies & Command Execution (pnpm/npm install)
- references/electric-docs.md: Line 67, 197: The instructions pnpm install and npm install @tanstack/{angular,react,solid,svelte,vue}-db install external packages. While npmjs.com is a whitelisted registry, the specific packages are not individually verified as trusted. Installing unverified third-party packages introduces a supply chain risk and involves executing external code.
🔵 LOW Findings:
• Trusted External Downloads (Docker Image)
- references/electric-docs.md: Line 224, 234: The skill instructs to run docker run electricsql/electric:canary and uses image: electricsql/electric:canary in a docker-compose.yaml snippet. Docker is a trusted organization, so pulling images from docker.io is considered a lower risk.
ℹ️ Indirect Prompt Injection (INFO):
• Risk in applications built with the skill
- The skill describes building applications that process various inputs (e.g., request.url, newTodo). Applications built using these instructions, if not carefully secured, could be vulnerable to indirect prompt injection if they process untrusted user-supplied content without proper sanitization. This is a general risk associated with the type of application being built, rather than a direct vulnerability in the skill's instructions themselves.
================================================================================
- AI detected serious security threats