altinity-expert-clickhouse-part-log
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill ingests potentially untrusted data from the
system.part_logandsystem.mutationstables as seen inchecks.sql. This data includes user-defined database and table names, as well as exception messages. An adversary with database access could inject malicious instructions into these fields to influence the agent's behavior or reasoning. Evidence: Ingestion points: all queries inchecks.sqlreading from system tables; Boundary markers: absent; Capability inventory: agent interprets log data to advise on cluster health; Sanitization: absent. - [Data Exposure & Exfiltration] (LOW): The skill accesses ClickHouse system metadata and error logs. While this is required for the tool's diagnostic purpose, it facilitates the exposure of database structure and error details to the agent context.
- [Dynamic Execution] (LOW): The skill relies on the agent to perform dynamic string substitution by replacing the
{cluster}placeholder in SQL templates at runtime.
Audit Metadata