price-hunter
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (bash and sqlite3) that incorporate variables such as [item], [store], and [price]. Since these variables are sourced from user queries and external web search results, they pose a risk of command injection if an attacker provides inputs containing shell metacharacters.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes data from external web searches and uses it to perform actions like database writes.
- Ingestion points: Web search results retrieved during the /prices search command in SKILL.md.
- Boundary markers: Absent. The instructions do not define delimiters for the external content or warn the agent to ignore instructions embedded in the search results.
- Capability inventory: The skill can execute local bash scripts (init-db.sh, save-price.sh) and run arbitrary SQL queries via the sqlite3 CLI as defined in SKILL.md.
- Sanitization: While save-price.sh uses parameterized SQL queries, the assembly of the bash command lines in SKILL.md relies on simple single-quoting, which can be bypassed by malicious input.
Audit Metadata