mssql
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the @billpeet/mssql-cli NPM package. This dependency is authored by the skill's creator, making it a recognized vendor resource.
- [COMMAND_EXECUTION]: The skill enables database interaction via CLI commands. It differentiates between read-only and dangerous operations, mandating that agents seek explicit user confirmation before running destructive SQL statements.
- [CREDENTIALS_UNSAFE]: The skill provides examples for configuring database access using credentials in environment variables or configuration files. This is standard functionality, but agents must be careful not to leak these secrets in tool outputs.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting data from database query results.
- Ingestion points: SQL query results and schema details from the mssql sql and mssql schema commands.
- Boundary markers: Absent; database output is returned directly to the agent context.
- Capability inventory: Execution of arbitrary SQL via the mssql sql-dangerous command.
- Sanitization: Absent; safety relies on instructional constraints requiring user confirmation for dangerous operations.
Audit Metadata