database-utility
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it retrieves and processes metadata from IBM i system tables.
- Ingestion points: Data returned from SQL queries defined in tools/database-utility.yaml, including object descriptions (OBJTEXT) and text descriptions (TEXT_DESCRIPTION) from system catalogs.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between legitimate data and potential instructions embedded within the database records.
- Capability inventory: The skill enables the agent to execute SQL queries and list system objects using the ibmi CLI tools and an MCP-connected server.
- Sanitization: The skill correctly uses parameterized queries to prevent direct SQL injection, but it does not perform sanitization on the content of the data retrieved before it is presented to the agent.
Audit Metadata