
meal-planner

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: SQL Injection in /meals pref. The command defined in SKILL.md interpolates and directly into an sqlite3 INSERT statement. Malicious input containing single quotes or semicolons can be used to execute arbitrary SQL commands against the pantry.db.
  • [COMMAND_EXECUTION]: Command and SQL Injection in scripts/save-plan.sh. The script takes shell arguments for the week, plan JSON, and budget and interpolates them directly into an sqlite3 query string. This enables SQL injection via the plan data and potential shell command injection if the calling environment does not strictly validate the budget parameter.
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. Ingestion points: pantry.db (fridge table); Boundary markers: Absent; Capability inventory: sqlite3 and bash execution; Sanitization: Absent. The skill reads external data from a database and uses it to generate output, creating a vector where malicious data in the database could influence agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 02:41 AM