distributed postgres
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill architecture presents an indirect injection surface because the database interaction tools (readonly_query, transact) do not support parameterized queries, necessitating manual input interpolation by the agent. \n
- Ingestion points: User-provided data is interpolated into SQL strings within the transact and readonly_query MCP tools. \n
- Boundary markers: No structural enforcement or delimiters are present; the skill relies on natural language prompt guidelines to manage safety. \n
- Capability inventory: Full DML/DDL execution via the transact tool and AWS resource management through included shell scripts. \n
- Sanitization: Guidelines instruct the agent to use allowlists, regex, and manual escaping for input validation. \n- [COMMAND_EXECUTION]: The skill includes shell scripts (create-cluster.sh, delete-cluster.sh, psql-connect.sh) for performing administrative tasks on AWS Aurora DSQL clusters. These tools allow for the creation and deletion of cloud resources. \n- [EXTERNAL_DOWNLOADS]: The skill references official AWS documentation and GitHub sample repositories for DSQL implementation guidance, which are recognized as trusted and well-known sources.
Audit Metadata