cloudbase-document-database-web-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its combination of data ingestion and data modification capabilities. 1. Ingestion points: Untrusted data enters the agent's context through query results in get() (SKILL.md), aggregation pipelines in aggregate() (aggregation.md), and real-time streams in watch() (realtime.md). 2. Boundary markers: Absent; the documentation does not instruct the agent to use delimiters or ignore instructions embedded within the retrieved data. 3. Capability inventory: The skill explicitly provides the agent with the ability to add, update, and delete documents, creating a high-risk capability tier. 4. Sanitization: Absent; there are no instructions or examples regarding the sanitization or validation of data retrieved from the database before it is processed by the agent.
- Command Execution (MEDIUM): The skill facilitates the execution of database-specific commands (add, update, delete) that have side effects on the data layer. In the absence of strict control, these can be abused if the agent's logic is subverted via prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata