Skills
skills/arthur0824hao/skills/skill-system-postgres/Gen Agent Trust Hub

skill-system-postgres

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFENO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill package is composed entirely of SQL migration files, markdown documentation, and metadata descriptors. It does not contain any executable application code.\n- [COMMAND_EXECUTION]: The SKILL.md file provides shell and PowerShell commands for users to manually initialize the database using the psql utility. These are documentation-based setup instructions.\n- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection via the log-run and check-policy operations.\n
  • Ingestion points: Parameters policy_name, effects, skill_id, operation, and status enter the agent context via SKILL.md operations.\n
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the SQL entrypoints.\n
  • Capability inventory: The skill requires db.read and db.write permissions to query and update the policy and run tables.\n
  • Sanitization: The manifest entrypoints describe natural language queries without specifying escaping or validation mechanisms for the input parameters.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 09:43 PM