knowledge-base-builder

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The Bash CLI template in SKILL.md is vulnerable to SQL injection. The search query parameter ($1) is interpolated directly into a sqlite3 command string without escaping or sanitization.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted document content (PDFs, text files).
      1. Ingestion point: extract_pdf_text function.
      2. Boundary markers: None.
      3. Capability inventory: Local file system access and SQLite database writing.
      4. Sanitization: The Python logic correctly utilizes parameterized SQL queries which prevents database-level injection, though the ingested text remains a surface for downstream LLM manipulation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 04:02 PM