firefox-bookmarks
Warn
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Nushell script scripts/search-bookmarks.nu is vulnerable to SQL injection because it constructs queries using direct string interpolation of user-supplied search terms.
  - Evidence: The script builds the like_clauses and sql variables by joining search terms into a SQL string without sanitization or parameterization, allowing potentially malicious input to manipulate the query logic.
- [DATA_EXFILTRATION]: The skill accesses the Firefox places.sqlite database, which contains sensitive user data including entire browsing histories and bookmarked URLs.
  - Evidence: The skill explicitly reads from ~/.mozilla/firefox/*/places.sqlite to retrieve information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from bookmarked page titles and URLs, which could contain instructions intended to hijack the agent's behavior.
  - Ingestion points: scripts/search-bookmarks.nu reads content directly from the local Firefox database.
  - Boundary markers: Absent. Search results are printed as a standard list without delimiters or warnings to the agent that the content is untrusted.
  - Capability inventory: The skill can read local files and execute SQLite queries.
  - Sanitization: Absent. The skill does not filter or escape retrieved bookmark titles before presenting them to the agent.
Audit Metadata