agentic-platform-schema
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill defines a schema to store 'agent_events', 'agent_tool_calls', and 'agent_artifacts'. These fields ingest untrusted data from external sources and tool outputs. Ingestion points include 'agent_events.data' and 'agent_tool_calls.tool_output' in 'templates/agentic-schema.sql'. There are no boundary markers or sanitization logic provided to prevent instructions inside this data from influencing the agent if it later 'replays' or reads this history.
- [COMMAND_EXECUTION] (MEDIUM): The skill includes 'scripts/setup-agentic-schema.sh' which executes 'supabase db push'. This requires the 'Bash' tool as specified in 'SKILL.md'. Granting an agent shell access for setup tasks is a sensitive operation that can be exploited if the agent's logic is subverted.
Audit Metadata