dev
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using `grep` to search through the project's source code directory (`ruoyi-modules/`) based on user-provided function names.
- [CREDENTIALS_UNSAFE]: The skill explicitly reads `ruoyi-admin/src/main/resources/application-dev.yml`, a configuration file that typically contains sensitive information such as database credentials, API keys, and environment-specific secrets.
- [COMMAND_EXECUTION]: The skill performs automated database operations, including executing `CREATE TABLE` (DDL) and `INSERT` (DML) statements directly into the connected database.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection or command/SQL injection because it interpolates user-provided strings (like function names and table prefixes) directly into shell commands (`grep`) and SQL queries (`SHOW TABLES LIKE`, `SELECT ...`, and the final generation SQL) without explicit sanitization or parameterization.
  - Ingestion points: User inputs for '功能名称' (Function Name) and '所属模块' (Module Name) in Step 1.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are present when processing these inputs.
  - Capability inventory: Executes `grep` via bash, reads local `.yml` files, and executes arbitrary SQL queries.
  - Sanitization: No evidence of sanitization or escaping of user-provided strings before they are used in commands.
Audit Metadata