postgresql

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Significant risk of indirect prompt injection (Category 8). The skill provides the capability to execute external SQL scripts (psql -f script.sql) and arbitrary queries (psql -c). If an agent processes SQL provided by an untrusted user, it could lead to unauthorized data access or administrative takeover.
      • Ingestion points: psql -f script.sql and psql -c "..." in SKILL.md.
      • Boundary markers: Absent. There are no instructions to validate or delimit SQL content.
      • Capability inventory: Full database administrative rights, including CREATE USER WITH SUPERUSER, DROP DATABASE, and GRANT ALL PRIVILEGES.
      • Sanitization: Absent. No logic is provided to escape or verify SQL commands before execution.
  • [COMMAND_EXECUTION] (HIGH): The skill enables execution of powerful shell commands and database operations that can modify the host system or delete data.
      • Evidence: pg_dump and pg_restore commands allow file system interaction; DROP DATABASE and pg_terminate_backend allow service disruption.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The documentation includes templates for hardcoding passwords in plaintext SQL commands.
      • Evidence: CREATE USER username WITH PASSWORD 'password'; and ALTER USER username WITH PASSWORD 'newpassword';. While these use placeholder values, they demonstrate and encourage a practice of embedding credentials in commands that may be logged or captured.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:16 AM