update-graft-inventory
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill utilizes
npx wrangler d1 execute --remoteto perform read and write operations on a production database. This provides high-privilege access to production infrastructure as part of its documented workflow.\n- [External Downloads] (SAFE): Usesnpxto run thewranglerCLI tool. Aswrangleris a standard tool maintained by Cloudflare, it is considered a trusted dependency for this environment.\n- [Indirect Prompt Injection] (LOW): The skill processes untrusted content from migration files and database query results, creating a surface for indirect prompt injection during metadata extraction.\n - Ingestion points: SQL migration files (
libs/engine/migrations/*.sql) and database query outputs.\n - Boundary markers: Absent. The instructions do not define delimiters to separate untrusted data from processing logic.\n
- Capability inventory: Remote database modification (
wrangler d1 execute), file system writes, and repository commits.\n - Sanitization: No explicit sanitization or validation of the SQL content or query results is performed before the data is used to update the inventory and type definitions.
Audit Metadata