fibery-sync
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script, `scripts/fibery_sync.py`, using `python3` to perform schema discovery, entity creation, and document updates. It passes sensitive information, including the Fibery workspace URL and API token, as command-line arguments to this script.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external PRD files to drive its workflow.
  - Ingestion points: The skill reads a PRD file at the path provided in `$ARGUMENTS` (File: `SKILL.md`, Step 1).
  - Boundary markers: None. The instructions do not define delimiters or provide "ignore embedded instructions" warnings for the parsed content.
  - Capability inventory: The skill has the ability to create entities, batch update records, query workspace schemas, and modify rich-text documents via the Fibery API (File: `scripts/fibery_sync.py`).
  - Sanitization: The script uses `json.dumps` to ensure the integrity of the JSON payload, but no semantic sanitization is performed on the text extracted from the PRD before it is used to define features or tasks.
- [DATA_EXPOSURE]: The skill requires a Fibery API token and a workspace URL. The Python script constructs the target URL as `f"https://{workspace}/api/commands"`. If an attacker can influence the `workspace` parameter to point to a rogue domain, the `Authorization` header containing the API token would be sent to the external server.
Audit Metadata