sqlite-to-oracle-planner
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to scan sensitive environment configuration files (`**/*.env`, `**/*.env.*`) to identify SQLite database connection strings. While this is core to the migration planning task, automated scanning of environment files is a sensitive operation that can lead to the exposure of credentials or other secrets.
- [PROMPT_INJECTION]: The skill processes untrusted content from the local filesystem (source code, schema definitions), which creates a vulnerability surface for indirect prompt injection where malicious instructions hidden in the files could influence the agent's behavior.
- Ingestion points: The agent is instructed to scan all `.ts`, `.js`, `.sql`, and `.env` files within the project codebase.
- Boundary markers: Absent. The skill provides no instructions to use delimiters or specific warnings to ignore embedded instructions found within the scanned data.
- Capability inventory: The skill utilizes shell-based file discovery and content searching (Glob, Grep) to process the codebase.
- Sanitization: Absent. Data matched by the scan patterns is extracted and included directly in the output manifest without validation or escaping.
- [COMMAND_EXECUTION]: The skill's strategy relies on the execution of shell commands like `grep` and `glob` to identify migration targets across the entire codebase. While these are standard utilities, the broad application of automated scanning across all project files increases the system's attack surface if combined with untrusted file content.
Audit Metadata