clickhouse-io
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Finding category: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Unsafe SQL Construction. The TypeScript example for the bulkInsertTrades function constructs a SQL INSERT statement by directly interpolating variables from the trades object into a template string. This approach is highly vulnerable to SQL injection if the input data is not strictly validated, as it allows for the execution of arbitrary database commands via crafted inputs. Mitigation involves using parameterized queries or the official database client's bulk insertion methods that handle data escaping automatically.
Audit Metadata