alembic

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes a hardcoded database connection string in the alembic.ini configuration section (postgresql+asyncpg://verifid_migrations:password@localhost:5432/verifid_kyc) which contains a plaintext password for a migration user.
  • [COMMAND_EXECUTION]: The skill requires the use of shell commands to install the alembic package and to execute migration tasks such as alembic init, alembic upgrade, and alembic downgrade. These commands interact directly with the operating system and the database.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the alembic revision --autogenerate process. This process ingests data from local application models (backend.modules.models) to generate executable database migration scripts. It lacks explicit boundary markers or sanitization, potentially allowing malicious code in the models to influence the generated DDL operations executed by the database agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 05:46 AM