altinity-expert-clickhouse-schema
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill interpolates user-provided parameters like {database} and {table} into SQL queries, which is a known vector for indirect prompt injection.\n
- Ingestion points: SQL placeholders in both SKILL.md and checks.sql.\n
- Boundary markers: None present.\n
- Capability inventory: SQL query execution against ClickHouse system tables.\n
- Sanitization: No sanitization or escaping of placeholders is defined.\n- Command Execution (LOW): The skill dynamically generates and executes database commands (SQL). This is the primary function but requires careful handling of parameters.\n- Data Exposure & Exfiltration (SAFE): Analysis is limited to database metadata and system settings. No exfiltration to external domains or hardcoded credentials found.
Audit Metadata