database-management
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection.
  ● Ingestion points: Command templates are designed to be populated with parameters such as '' and '', which typically originate from user prompts or external configurations.
  ● Boundary markers: The skill provides no instructions or delimiters to isolate user-provided data from the command structure, allowing malicious instructions to be executed if they are embedded in the input values.
  ● Capability inventory: Enables significant side effects, including database deletion ('oci db database delete'), infrastructure scaling, and Data Guard failover.
  ● Sanitization: No logic or guidance is provided for escaping or validating user inputs before interpolation into shell commands.
- [COMMAND_EXECUTION] (HIGH): The skill focuses on enabling an agent to execute powerful OCI CLI commands that directly create, modify, or destroy cloud infrastructure and security configurations.
- [CREDENTIALS_UNSAFE] (LOW): Templates in the skill reference the '/.ssh/id_rsa.pub' path for provisioning. While the public key is not secret, accessing the sensitive '/.ssh' directory presents a risk of exposure for other sensitive files in the same location.
Recommendations
- AI detected serious security threats
Audit Metadata