entity-framework
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Hardcoded database credentials detected in code samples.
  - Evidence: references/patterns.md contains a connection string Host=localhost;Database=sorcha_wallet;Username=postgres;Password=postgres. While these are likely local defaults, the inclusion of literal credentials instead of placeholders violates security best practices and exposes the database to unauthorized access if used in real environments.
- [PROMPT_INJECTION] (HIGH): High-risk Indirect Prompt Injection vulnerability surface (Category 8c).
  - Ingestion points: The skill uses the mcp__context7__query-docs tool in SKILL.md to fetch external content from the library /dotnet/entityframework.docs.
  - Boundary markers: Absent. No instructions are provided to the agent to treat the external documentation as untrusted or to delimit it from its internal instructions.
  - Capability inventory: The skill explicitly allows the Bash, Write, and Edit tools in SKILL.md.
  - Sanitization: Absent. There is no verification of the documentation source or sanitization of its content before processing.
  - Analysis: This combination allows for a 'remote instruction execution' scenario where a malicious actor influencing the documentation can trick the agent into running dangerous shell commands.
Recommendations
- AI detected serious security threats