product-onboarding

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. User-provided data, such as product names or slugs, is interpolated into shell commands and SQL statements. The instructions lack explicit sanitization or boundary markers to prevent malicious input from altering command logic.
  • Ingestion points: User-provided product names and slugs through natural language interaction.
  • Boundary markers: Absent; there are no delimiters or warnings to ignore instructions within user data.
  • Capability inventory: Shell command execution (Bash), file system modification (Write/Edit), and database access.
  • Sanitization: No validation or escaping logic is prescribed for the agent to apply to user inputs.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to run a local CLI wizard, database management tools, and connectivity tests via curl. These commands are executed with parameters derived from the agent's context, which could be influenced by untrusted external input.
  • [DATA_EXFILTRATION]: The skill involves reading and writing to sensitive configuration files, specifically .env.local, to manage webhook secrets. While this is part of the intended onboarding workflow, the ability to manipulate environment files is a sensitive capability.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 10:32 PM