sails
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies surfaces where untrusted data enters the agent context via path parameters and file uploads. • Ingestion points: The 'filename' parameter in the serve-upload example (rules/file-uploads.md) and dynamic route parameters. • Boundary markers: Not specifically demonstrated in code snippets. • Capability inventory: File system reads (res.sendFile), deletion (sails.rm), and configuration management (rules/shell-scripts.md). • Sanitization: Snippets do not explicitly show path normalization for file serving.
- [External Downloads] (LOW): Recommends the use of trusted ecosystem packages like helmet, skipper-s3, and @sailshq/connect-redis.
- [Data Exfiltration] (LOW): The documentation includes an example for serving files from the filesystem that uses an unsanitized filename input, representing a surface for directory traversal and sensitive data exposure.
Audit Metadata