using-relational-databases
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The documentation file 'references/sqlite-guide.md' references the installation of the Turso CLI via 'curl -sSfL https://get.tur.so/install.sh | bash'. Although this is for user reference, piping remote scripts to a shell is a sensitive pattern.
- PROMPT_INJECTION (LOW): The script 'scripts/generate_migration.py' is vulnerable to indirect prompt injection. 1. Ingestion points: Command-line arguments 'table', 'column', and 'type' in 'scripts/generate_migration.py'. 2. Boundary markers: None. 3. Capability inventory: Generates SQL strings and writes them to files via 'scripts/generate_migration.py'. 4. Sanitization: None. This could allow an attacker to inject malicious SQL into generated migration files.
- PROMPT_INJECTION (LOW): The script 'scripts/validate_schema.py' is vulnerable to indirect prompt injection. 1. Ingestion points: The 'database_url' argument in 'scripts/validate_schema.py'. 2. Boundary markers: None. 3. Capability inventory: Establishes database connections and inspects schema via 'sqlalchemy'. 4. Sanitization: None. This could allow an agent to be coerced into connecting to a malicious database server.
Audit Metadata