AGENT LAB: SKILLS

differential-fuzzer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): Automated scanners (URLite) identified a blacklisted malicious URL within the fuzzer's entry point main.rs. The skill directs the agent to run this code using cargo run --bin differential_fuzzer, creating a direct risk of executing harmful logic or connecting to malicious infrastructure.
  • [Command Execution] (MEDIUM): The skill requires the use of powerful commands such as cargo run and docker build/run to execute a codebase that has a confirmed security detection.
  • [Data Exposure & Exfiltration] (LOW): The Docker runner instructions explicitly pass GITHUB_TOKEN and SLACK_WEBHOOK_URL as environment variables. In the context of a confirmed malicious URL in the source code, this poses a risk of credential exfiltration.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted database output and schema files.
    1. Ingestion points: simulator-output/test.sql, schema.json.
    2. Boundary markers: Absent.
    3. Capability inventory: cargo, docker, sqlite3, tursodb.
    4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:45 PM