verify-data-in-db
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill contains a high-risk vulnerability surface for indirect prompt injection.
  - Ingestion points: User requirements for database verification (Step 2) and the templated pipeline name in the file path.
  - Boundary markers: Absent; no delimiters are used to isolate untrusted data from the generated script logic.
  - Capability inventory: The skill uses the 'Write' tool to create '.robot' files, which are executable scripts.
  - Sanitization: Absent; the skill does not perform any validation or escaping of user-provided table names, database types, or verification criteria before interpolating them into executable files.
- [Command Execution] (HIGH): Because the skill generates '.robot' files from untrusted input, an attacker can inject Robot Framework keywords (such as 'Run Process' or 'Evaluate') to execute arbitrary system commands or Python code on the runner environment.
- [Data Exfiltration] (MEDIUM): The skill features built-in capabilities to 'Export DB Table Data To CSV'. If an attacker influences the table names or queries, they can leverage this intended functionality to exfiltrate sensitive data from the database.
Recommendations
- AI detected serious security threats
Audit Metadata