postgres
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on various system utilities to perform its operations. This includes
psqlfor database queries,pg_dumpandpg_restorefor backup management,gitfor repository checks,curlfor fetching online documentation, andpython3for internal logic and TOML profile management.\n- [DATA_EXFILTRATION]: Thescripts/bootstrap_profile.pyutility scans the project directory for sensitive configuration files such as.env,.json,.yaml, and.tomlto identify existing database connection strings. While this is an intended feature to simplify setup, it involves automated access to sensitive local file paths.\n- [EXTERNAL_DOWNLOADS]: Thescripts/search_postgres_docs.shscript performs network requests to the official PostgreSQL documentation website (postgresql.org) to provide documentation search results. This is a download from a well-known and trusted official service.\n- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, specifically database query results and documentation search results, which could contain malicious instructions designed to influence the agent's behavior (Indirect Prompt Injection surface).\n - Ingestion points: Results from SQL queries executed via
scripts/run_sql.shand documentation snippets fetched frompostgresql.orgviascripts/search_postgres_docs.sh.\n - Boundary markers: Absent. No explicit delimiters or instructions to ignore embedded commands are used when presenting external data to the agent context.\n
- Capability inventory: The skill has broad capabilities including arbitrary SQL execution, file system modification (TOML and CHANGELOG updates), and network access via
curl.\n - Sanitization: No specific sanitization or filtering of database output or documentation snippets for malicious prompt content is performed.
Audit Metadata