snowflake
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions for using the official snowsql CLI to execute database queries. This is a standard and expected capability for managing Snowflake environments.
- [EXTERNAL_DOWNLOADS]: The skill references the snowflake-connector-python library for integration. This is a well-known package from a trusted vendor and is handled through standard package management.
- [CREDENTIALS_UNSAFE]: While the skill mentions the use of sensitive credentials such as account passwords and AWS access keys, it explicitly instructs the user to store and access these via environment variables, adhering to security best practices.
- [DATA_EXFILTRATION]: The skill facilitates the transfer of data between Snowflake and AWS S3 buckets. These operations are performed between well-known cloud services as part of the intended ETL and data engineering workflows.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection through the ingestion of external data from S3 stages and database query results. Ingestion points include S3 bucket data and SQL results; boundary markers and explicit sanitization logic are not defined in the skill body; capabilities include broad SQL execution and resource management; however, no malicious intent is detected.
Audit Metadata