oracle-dba
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides numerous Bash templates for executing SQLcl and Data Pump commands. While these are appropriate for the primary purpose of a DBA skill, they facilitate direct shell execution of database logic which can be risky if inputs are not strictly controlled.
- CREDENTIALS_UNSAFE (LOW): The code snippets consistently use 'admin/password@adb_high' as a connection string. Although 'password' is a placeholder, providing commands that pass credentials as plaintext CLI arguments is a security anti-pattern as they remain visible in process lists and shell history logs.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The workflows ingest external identifiers like sql_id and table names into SQL templates without sanitization.
- Ingestion points: User-provided or data-sourced variables like '&sql_id' and 'TABLE_NAME' used in 'references/sqlcl-workflows.md'.
- Boundary markers: Absent; the variables are interpolated directly into SQL heredocs.
- Capability inventory: Execution of SQLcl commands with full 'ADMIN' privileges on the Autonomous Database and shell execution of 'expdp'/'impdp'.
- Sanitization: No input validation or escaping is present to prevent SQL injection or command injection if an attacker-controlled sql_id or table name is processed.
Audit Metadata