dsql
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/loader.sh` script downloads the `aurora-dsql-loader` binary from the official `aws-samples` GitHub repository. This process is secured with HTTPS enforcement, file size checks, and binary header validation to prevent the execution of corrupt or malicious files.
- [COMMAND_EXECUTION]: Multiple bash scripts in the `scripts/` directory (e.g., `create-cluster.sh`, `psql-connect.sh`, `loader.sh`) execute AWS CLI and `psql` commands. These scripts use array-based command construction and `jq` for JSON processing to safely handle arguments and prevent shell injection vulnerabilities.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection via its database interaction tools (`readonly_query` and `transact`). As documented in `mcp-tools.md`, these tools do not support parameterized queries, meaning SQL strings constructed from untrusted external data could be exploited for SQL injection. The skill includes mandatory evidence for this surface: (1) Ingestion points: SQL queries passed to MCP tools in `mcp-tools.md`; (2) Boundary markers: None present for the queries themselves; (3) Capability inventory: Full DML and DDL capabilities via the `transact` tool; (4) Sanitization: Not performed by the tools; requires manual implementation by the agent using regex and allowlist patterns.
Audit Metadata