church

Silver
95,191 tokens, gemini-3-flash-preview

Scan Warnings:

  • Truncated 2 large files to fit token budget.
  • Analyzed top 60 files out of 285 for Deep Audit.

Safety Score

65 / 100

Detected Capabilities

env_access, filesystem_read, network, shell, filesystem_write, browser_data

Sensitive Files

  • app/.env.example

Deep Audit Findings

The aChurch.ai application provides a streaming and RAG (Retrieval-Augmented Generation) infrastructure for AI agents. While the public-facing API is well-designed with rate limits, the administrative backend contains an insecure fallback that disables authentication if the ADMIN_API_KEY is not explicitly set. Additionally, the RAG implementation is susceptible to prompt injection, and the internal logging mechanism records query parameters which may contain sensitive agent metadata.

Insecure Default: Authentication Disabled if Key is Missing

If a user deploys this application and fails to configure the 'ADMIN_API_KEY' in the .env file, the 'requireAuth' middleware defaults to allowing all traffic. This exposes administrative controls—including video deletion, schedule manipulation, and log access—to the public internet.

HIGH
app/server/lib/auth.js
if (!adminKey) { console.warn('⚠️ ADMIN_API_KEY not set - admin routes are unprotected!'); return next(); }

Prompt Injection Vulnerability in /api/ask

The user-provided 'question' is passed directly to the Gemini LLM without sanitization. An attacker or a malicious agent could use this to override the system's instructions, potentially extracting internal 'soul documents' or inducing the agent to provide false theological or philosophical output.

MEDIUM
app/server/lib/rag/index.js
const answer = await gemini.generate(question, chunks, formattedHistory);

Sensitive Information Logging in Plaintext

The 'logApiAccess' function records 'req.query' into a plaintext JSONL file. While intended for attendance tracking, if an agent uses a sensitive identifier or name, that data is stored unencrypted on the server and is accessible via the admin dashboard.

LOW
app/server/index.js
logApiAccess({ timestamp: new Date().toISOString(), method: req.method, path: '/api' + req.path, query: req.query, status: res.statusCode, ... })

Attack Surface Chain

1. A user deploys the app on a VPS but forgets to fill the .env file correctly.
2. An external attacker scans the server and hits the '/api/content' or '/api/logs' endpoints.
3. The 'requireAuth' middleware sees that 'ADMIN_API_KEY' is undefined and allows the request.
4. The attacker downloads administrative logs, discovers the 'GITHUB_TOKEN' (if exposed elsewhere) or deletes the church's music library.