pgsql-test
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the user to execute shell commands for package management ('pnpm add -D pgsql-test') and running automated tests ('pnpm test:watch').
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the 'pgsql-test' and 'drizzle-orm-test' packages from the NPM registry. These are vendor-owned resources originating from the skill's author, 'constructive-io'.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external fixture files (JSON, SQL, CSV) during database seeding operations, which creates a surface for indirect prompt injection.
  - Ingestion points: 'loadJson', 'loadSql', and 'loadCsv' methods defined in 'references/seeding.md' which load data from the file system.
  - Boundary markers: No explicit boundary markers or warnings to ignore embedded instructions are present in the fixture processing workflow.
  - Capability inventory: The skill utilizes the 'PgTestClient' which has broad capabilities to execute SQL queries, modify database state, and manage transactions as described in 'SKILL.md'.
  - Sanitization: No specific data validation, escaping, or sanitization logic is documented for the content of the seed files.
Audit Metadata