analyzing-schema-change-storage-risk

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill provides SQL queries to access crdb_internal.kv_store_status. This table contains metadata about the cluster's physical storage layout, including node_id, store_id, capacity, and current disk usage. While this provides visibility into internal cluster state, it is standard diagnostic data required for the skill's stated purpose of capacity planning.
  • [COMMAND_EXECUTION]: The skill provides complex SQL templates for execution against a CockroachDB cluster. These queries use advanced features like SHOW RANGES WITH DETAILS and JSON path extraction (span_stats->>'approximate_disk_bytes'). The instructions include explicit warnings about the CPU and memory overhead of these commands and provide guardrails such as the use of LIMIT and specific table targeting.
  • [INDIRECT_PROMPT_INJECTION]: The skill uses placeholders (e.g., your_table_name) in SQL queries.
      • Ingestion points: Table names are provided as input to SQL templates in SKILL.md and storage-calculations.md.
      • Boundary markers: Absent; the queries are provided as plain text templates.
      • Capability inventory: SQL execution via an established database connection.
      • Sanitization: Not applicable, as these are documentation templates intended for an agent to populate and execute.
  • [PRIVILEGE_MANAGEMENT]: The skill explicitly documents its requirement for admin or ZONECONFIG privileges. It provides a standard method for users to verify their current grants (SHOW GRANTS ON SYSTEM) before attempting restricted operations, promoting best practices for role-based access control.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 12:21 PM