sql
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill constructs a shell command using `docker compose exec` that interpolates user-provided input into the command line (-e "YOUR_SQL_HERE"). This is a classic command injection vector where an attacker could execute arbitrary system commands by breaking out of the SQL string context.
- CREDENTIALS_UNSAFE (HIGH): The skill explicitly directs the agent to read database credentials from CLAUDE.local.md. Accessing and handling files that store sensitive secrets like passwords increases the risk of data exposure.
- PROMPT_INJECTION (LOW): The skill processes untrusted data (user SQL) to perform sensitive operations. It lacks boundary markers and sanitization, creating an indirect prompt injection surface where malicious inputs can influence agent behavior or database integrity.
Recommendations
- AI detected serious security threats