wrds
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides logic and instructions to access sensitive local files containing database and SSH credentials, specifically ~/.pgpass and ~/.ssh/wrds_rsa (SKILL.md, references/connection.md, examples/wrds_connector.py).
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill uses subprocess.run to execute external system binaries including rclone, scp, qsas, and qsub. These commands are constructed using dynamic parameters such as file paths retrieved from the WRDS database, which represents a significant command execution surface (examples/wrds_connector.py, references/sas-etl.md).
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external sources, specifically SEC EDGAR filings and WRDS document archives. While it encourages parameterized queries for SQL, the lack of explicit boundary markers for processed natural language text (filing content) poses a potential surface for instruction injection (references/edgar.md, examples/wrds_connector.py).
  - Ingestion points: SEC filing downloads in references/edgar.md and examples/wrds_connector.py.
  - Boundary markers: None implemented for text processing logic.
  - Capability inventory: SQL execution (psycopg2) and system command execution (subprocess.run) across multiple scripts.
  - Sanitization: The skill emphasizes parameterized queries for SQL but does not specify sanitization for downloaded text data.
Recommendations
- AI detected serious security threats
Audit Metadata