database-designer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the parsing of untrusted data in user-supplied database schema files.
- Ingestion points: The scripts
schema_analyzer.py,index_optimizer.py, andmigration_generator.pyaccept external SQL and JSON files as input via command-line arguments. - Boundary markers: The generated reports (text or JSON) do not use delimiters or explicit instructions to treat reflected data as non-executable, which could allow malicious instructions embedded in database identifiers to influence the agent.
- Capability inventory: All three primary Python scripts contain file-writing capabilities to user-specified paths using the
--outputflag. - Sanitization: The scripts do not perform sanitization or escaping of identifiers extracted from the input files before they are included in the analysis output or Mermaid ERD diagrams.
Audit Metadata