tigris-snapshots-recovery
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include commands to check for and install the Tigris CLI tool (@tigrisdata/cli) using NPM to facilitate storage operations.
- [EXTERNAL_DOWNLOADS]: The skill references and utilizes several official vendor libraries and repositories, including the @tigrisdata/cli and @tigrisdata/storage NPM packages, the tigris-boto3-ext Python package, and the github.com/tigrisdata/storage-go Go module.
- [PROMPT_INJECTION]: The skill retrieves object data and metadata from Tigris buckets, which creates a surface for indirect prompt injection. * Ingestion points: File content and bucket listing metadata retrieved in SKILL.md and resources/restore-workflows.md. * Boundary markers: Absent; there are no instructions to the agent to ignore or delimit embedded instructions in the retrieved data. * Capability inventory: Access to shell command execution via the Tigris CLI and bucket write permissions for restoration. * Sanitization: No explicit validation or sanitization of retrieved data is mentioned before processing or restoration.
Audit Metadata