bitwarden
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'exec' capability to run the 'rbw' CLI tool for all vault interactions, including configuration, unlocking, and item retrieval.
- [DATA_EXFILTRATION]: This skill provides the agent with the ability to read and manage highly sensitive data such as passwords and secrets. While this is the primary purpose of the skill, it creates a risk of data exposure or exfiltration if the agent is compromised or follows malicious instructions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data stored in the vault entries.
- Ingestion points: Untrusted data enters the agent's context through the output of 'rbw list', 'rbw get', and 'rbw search' commands.
- Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore potential commands embedded within the vault data.
- Capability inventory: The agent can execute arbitrary 'rbw' subcommands and other system commands via 'exec'.
- Sanitization: There is no evidence of sanitization or validation of the data retrieved from the vault before it is processed by the agent.
Audit Metadata