schema-exploration
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from an external database, which could contain malicious instructions designed to influence the agent. Ingestion points:
sql_db_list_tables,sql_db_schema, andsql_db_table_relationshipreferenced inSKILL.md. Boundary markers: None present; external content is processed without delimiters. Capability inventory: The skill is limited to database exploration and reporting. Sanitization: No sanitization or validation of database metadata or sample rows is performed. - Data Exposure (LOW): The skill retrieves and displays sample data (3 rows) from database tables. As shown in the
Customertable example, this can lead to the exposure of PII such as email addresses and phone numbers.
Audit Metadata