dbml
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute command-line utilities such as
dbml2sql,sql2dbml, anddb2dbmlfor schema transformation and database introspection (SKILL.md, references/dbml-reference.md). - [DATA_EXFILTRATION]: The skill documents the use of the
db2dbmlcommand, which requires passing a database connection string as an argument. If an agent uses this command with actual credentials, they could be exposed in environment logs or process history (SKILL.md, references/dbml-reference.md). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from external SQL files and database schemas (SKILL.md).
- Ingestion points: SQL source files processed by
sql2dbmland live database metadata accessed viadb2dbml. - Capability inventory: The agent can execute local shell commands and write to the filesystem (e.g.,
-o schema.dbml). - Boundary markers: Absent; the skill lacks specific delimiters or instructions for the agent to ignore potential commands embedded within the data being processed.
- Sanitization: Absent; the instructions do not specify any validation or filtering of input SQL or database content before processing.
Audit Metadata