Skills
skills/steipete/agent-scripts/beeper/Gen Agent Trust Hub

beeper

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute sqlite3 commands directly on the host system to interact with the application database.
  • [DATA_EXFILTRATION]: The skill identifies and accesses a highly sensitive local database path (~/Library/Application Support/BeeperTexts/index.db). This file contains private chat logs, contact hints, and message history from multiple bridged services (iMessage, WhatsApp). Reading this data into the agent's context is a significant privacy risk and represents data exposure.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by reading untrusted message content from external databases.
  • Ingestion points: Message content is retrieved from the mx_room_messages_fts table in index.db via shell commands.
  • Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between its instructions and the message content it retrieves.
  • Capability inventory: The skill leverages sqlite3 for data retrieval as seen in the provided workflow and probes.
  • Sanitization: There is no evidence of sanitization or filtering of the retrieved message content before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 11, 2026, 06:37 AM