altinity-expert-clickhouse-reporting

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Indirect Prompt Injection vulnerability via ClickHouse system logs.
      • Ingestion points: checks.sql (lines 10, 29, 48, 68, etc.) and SKILL.md (line 33) read from system.query_log and system.processes.
      • Boundary markers: None. The agent processes raw query text without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill identifies optimization opportunities and performs diagnostics based on log contents.
      • Sanitization: None. User-supplied query strings are retrieved and processed directly.
  • DATA_EXFILTRATION (HIGH): Exposure of sensitive information through system tables.
      • Evidence: checks.sql and SKILL.md query system.query_log and system.processes. These tables contain full SQL query texts which frequently include PII, business logic, or secrets in WHERE clauses.
  • COMMAND_EXECUTION (MEDIUM): Potential SQL Injection via unsanitized placeholders.
      • Evidence: SKILL.md (lines 24, 39) and checks.sql (line 11) use template placeholders like {database}, {table}, and {cluster}. If the agent populates these from untrusted user input, it can result in unauthorized database operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 09:13 PM