crud
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is instructed to automatically read `ruoyi-admin/src/main/resources/application-dev.yml`. In standard Spring Boot applications, this file contains sensitive plain-text credentials including database usernames, passwords, and connection URLs.
- [COMMAND_EXECUTION]: The execution flow involves running database commands `SHOW CREATE TABLE` and `DESC` using user-supplied table names. Without strict validation of the table name input, this presents a surface for SQL-based metadata exploration or potential injection.
- [DATA_EXFILTRATION]: The skill performs broad read operations on the local file system, including sensitive configuration files and core service/controller source code (e.g., `SysNoticeController.java`). This exposes internal application logic and architecture to the model context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through several vectors:
  - Ingestion points: Reads database schema metadata, table structures, and existing Java source files.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the processed files are defined.
  - Capability inventory: Includes file system read/write access and database command execution capabilities.
  - Sanitization: No sanitization logic is specified for the data retrieved from the database or existing source files before it is processed by the model.