db-query-executor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to the execution of unsanitized database queries.
    1. Ingestion points: User-provided strings via the --query argument in scripts/db_query.py.
    2. Boundary markers: Absent; query strings are passed directly to database clients.
    3. Capability inventory: Full database read/write access and potential system command execution via database client shell escapes (e.g., psql's \!).
    4. Sanitization: Absent; input is used as-is in subprocess calls.
  • DATA_EXFILTRATION (HIGH): The skill enables retrieval and potential leakage of all database contents. Evidence: scripts/db_query.py captures all query results from stdout and returns them to the agent. Risk: An attacker can craft queries to extract sensitive tables or the entire database.
  • CREDENTIALS_UNSAFE (MEDIUM): Database passwords and usernames are handled insecurely. Evidence: The get_container_env function in scripts/db_query.py executes docker exec with printenv to recover secrets like POSTGRES_PASSWORD from running containers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:17 AM