dsql
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides tools for direct database interaction and schema management. It facilitates the execution of SQL queries through the
aurora-dsqlMCP server and provides helper scripts for cluster management. These capabilities are restricted to the intended purpose of managing Aurora DSQL clusters. - [EXTERNAL_DOWNLOADS]: The skill instructions guide the installation of standard database drivers (e.g., psycopg2, pg, Jackc/pgx) and the Aurora DSQL MCP server using package managers like
npm,pip, anduvx. These downloads target official package registries and repositories maintained by the vendor (awslabs). - [REMOTE_CODE_EXECUTION]: The skill utilizes
uvxto execute theawslabs.aurora-dsql-mcp-server. This is the official Model Context Protocol server for the service, and its execution is a standard integration method for the platform. - [DATA_EXFILTRATION]: Database operations are performed against official AWS Aurora DSQL endpoints (
*.dsql.[region].on.aws). The skill includes explicit guidance on maintaining data isolation for multi-tenant applications and requires IAM authentication for all connections, preventing unauthorized data access or exfiltration. - [CREDENTIALS_UNSAFE]: The skill correctly implements IAM-based authentication (
dsql:DbConnect). It provides instructions for generating short-lived authentication tokens and discourages hardcoding endpoints, recommending the use of environment variables or AWS Systems Manager Parameter Store instead. - [PROMPT_INJECTION]: No malicious patterns attempting to override agent behavior or bypass safety guardrails were identified. The instructions provide clear workflows for database administration and user-approved migrations.
Audit Metadata