xata-postgres-platform

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill installs the Xata CLI with curl -fsSL https://xata.io/install.sh | bash. This fetches a script from the platform's official domain and pipes it straight into a shell, so whatever the server returns at install time runs unreviewed with the privileges of the invoking user; the domain being official does not by itself make the content reviewable or reproducible.
  • [EXTERNAL_DOWNLOADS]: Fetches the official CLI installation script and configurations from the xata.io domain.
  • [PROMPT_INJECTION]: The provided shell script examples (e.g., create-preview.sh) accept user-supplied arguments without validation; the audit classifies this as an indirect prompt-injection surface. Because the value is spliced directly into command lines, any attacker-influenced PR_NUMBER also reaches the shell as part of a command.
    * Ingestion points: create-preview.sh (the PR_NUMBER variable)
    * Boundary markers: absent in the script logic
    * Capability inventory: management of database branches and retrieval of connection strings via the Xata CLI
    * Sanitization: absent; the script directly interpolates the input variable into command execution lines. A PR number should be checked to be a positive integer before it is used in a branch name or CLI argument.
Recommendations
  • HIGH: Downloads and executes remote code from https://xata.io/install.sh. DO NOT USE without thorough review: download the installer to a file, read it, record its hash, and execute only a copy that matches the reviewed hash.
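The two findings above (unreviewed curl | bash installation and unvalidated PR_NUMBER interpolation) can be addressed with a few shell functions. This is an added example written for this audit page, not code from the skill or from Xata; the preview branch naming pattern, the install_pinned helper and the sha256sum tooling are assumptions, and the pinned digest is something you record yourself after reviewing the script, not something fetched from the same server.

```shell
#!/usr/bin/env bash
# Added example for the audit findings above; not the skill's own code.
set -euo pipefail

# Accept only a positive decimal integer for PR_NUMBER so the value is safe to
# place in a branch name or CLI argument. Returns 1 for anything else.
validate_pr_number() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit such as "; rm -rf /"
    0*) return 1 ;;            # zero or leading zeros are not a PR number
  esac
  return 0
}

# Build the preview branch name from a validated PR number.
# The "preview-pr-<n>" pattern is an assumption for this example.
preview_branch_name() {
  validate_pr_number "$1" || return 1
  printf 'preview-pr-%s\n' "$1"
}

# Compare a downloaded file against a pinned SHA-256 digest.
# On macOS replace sha256sum with: shasum -a 256
verify_sha256() {
  local file="$1" expected="$2" actual
  actual="$(sha256sum "$file" | cut -d' ' -f1)"
  [ "$actual" = "$expected" ]
}

# Replacement for `curl -fsSL https://xata.io/install.sh | bash`: download to a
# temporary file, check it against the digest recorded when the script was
# reviewed, and only then execute it. Performs a network fetch, so it is not
# exercised offline.
install_pinned() {
  local url="$1" expected="$2" tmp
  tmp="$(mktemp)"
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "digest mismatch for $url; refusing to execute" >&2
    rm -f "$tmp"
    return 1
  fi
  bash "$tmp"
  rm -f "$tmp"
}
```

Usage from a CI job would be validate_pr_number "$PR_NUMBER" before any xata command is built from it, and install_pinned https://xata.io/install.sh <reviewed-digest> in place of the piped install. A digest mismatch means the script changed since it was reviewed, which is exactly the case the recommendation asks you to catch.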
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 16, 2026, 01:41 AM