database-skill
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a well-integrated tool for managing Volcengine database instances (MySQL, PostgreSQL, Redis, MongoDB). It utilizes the official Volcengine API for all cloud operations.
- [COMMAND_EXECUTION]: The documentation describes a workflow for generating visual reports by rendering HTML templates and capturing them using the Playwright CLI tool (
npx playwright screenshot). This is an intended visualization feature. - [CREDENTIALS_UNSAFE]: The authentication module (
dbw_client.py) searches for and reads access keys (VOLCENGINE_ACCESS_KEY,VOLCENGINE_SECRET_KEY) from environment variables or a local.envfile. This is a standard configuration approach for development tools and relies on the user securing their environment variables. - [DATA_EXFILTRATION]: All network activity is directed toward official service domains (
volcengineapi.com). There are no patterns indicating the unauthorized transmission of sensitive data to third-party servers. - [PROMPT_INJECTION]: The skill processes database metadata and content that could potentially contain indirect prompt injections. However, the skill design includes a mandatory 'Reflection and Validation' step (
reflection_report) in the analysis workflow to ensure the agent maintains data integrity and logical consistency.
Audit Metadata