vector-db-init
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: Multiple files, including 'scripts/init.py', 'scripts/query.py', and various files in the 'resources' directory, contain the path traversal string '../../../'. This pattern is characteristic of attempts to escape the designated skill directory to access or expose potentially sensitive information on the host system or within the user's environment.
- [COMMAND_EXECUTION]: The skill instructs the agent to run 'python3 ./scripts/init.py'. However, the content of this script is simply a path traversal string rather than valid executable code. This irregular setup is highly suspicious and could lead to unpredictable behavior if the agent or the environment attempts to follow the relative path referenced in the file content.
Audit Metadata