skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/sql-query-builder/Gen Agent Trust Hub
sql-query-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via processed data.
  - Ingestion points: Project data and parameters provided by the user in CSV, Excel, or JSON formats.
  - Boundary markers: None; the skill does not use delimiters to isolate untrusted data.
  - Capability inventory: The skill is limited to generating SQL strings and does not include capabilities for query execution or filesystem/network operations in the Python code.
  - Sanitization: The formatting logic in SKILL.md does not properly escape single quotes or other SQL control characters, making the generated queries potentially unsafe.