data-storage
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches SQLite WASM components from the official sql.js.org domain to provide local relational database capabilities.
- [DATA_EXFILTRATION]: The syncWithServer function provides a template for synchronizing local user data with a remote server via the Fetch API, which is a standard requirement for offline-first applications.
- [PROMPT_INJECTION]: The storage mechanisms create an ingestion surface for untrusted data from external endpoints and local storage. This represents a potential indirect prompt injection vector if the stored content is later processed by the agent without proper sanitization. Ingestion points: localStorage, IndexedDB, and server fetch results; Capability inventory: fetch calls for synchronization; Sanitization: Not implemented in the storage wrappers.
Audit Metadata