postgres

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded example credentials such as 'mypass' and 'securepass' are present in psql connection strings and role creation commands within SKILL.md.
  • [COMMAND_EXECUTION]: The skill provides instructions for running system commands via psql, pg_dump, and pg_restore, which allow for direct interaction with the host environment and database management.
  • [DATA_EXFILTRATION]: Export capabilities are documented in SKILL.md through the use of \copy to write to /tmp/out.csv and pg_dump to create database backups, which facilitate the movement of data to the local file system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it provides SQL templates for data retrieval and modification that do not include sanitization or parameterization guidance.
    • Ingestion points: SQL query examples throughout SKILL.md used for CRUD operations, joins, and aggregations.
    • Boundary markers: No boundary markers are used to isolate user data from SQL instructions.
    • Capability inventory: Database modification (INSERT, DELETE, UPDATE) and data extraction (SELECT, pg_dump, \copy) via psql and related utilities.
    • Sanitization: No sanitization, validation, or escaping logic is provided for the SQL examples.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 01:22 AM