pgpm-extensions

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes pgpm install to download modules from the npm registry under the @pgpm scope (e.g., @pgpm/faker, @pgpm/base32). These are standard vendor resources for the pgpm ecosystem.
  • [COMMAND_EXECUTION]: The agent is directed to execute CLI commands such as pgpm extension, pgpm install, and pgpm upgrade-modules to manage the PostgreSQL environment.
  • [PROMPT_INJECTION]: The skill describes an indirect injection surface through the management of .control files for dependency resolution.
      • Ingestion points: The agent reads dependency lists from the requires field in module .control files.
      • Boundary markers: No explicit markers are defined to help the agent distinguish between data and instructions within the .control file content.
      • Capability inventory: The agent has the capability to install and deploy code using the pgpm CLI based on the contents of these configuration files.
      • Sanitization: There are no instructions for validating or sanitizing the strings read from the .control files.
  • [SAFE]: No obfuscation, data exfiltration, or malicious persistence mechanisms were identified. The 'Critical Rule' regarding CREATE EXTENSION is a functional constraint to ensure database consistency.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 05:14 AM