postgres
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements several industry-standard security practices for database access.
- [SESSION_SECURITY]: Enforces `readonly=True` at the PostgreSQL session level, which is the most robust way to prevent unauthorized write operations (INSERT, UPDATE, DELETE).
- [QUERY_VALIDATION]: Uses client-side checks to ensure only safe commands (SELECT, SHOW, EXPLAIN, etc.) are executed and rejects queries containing multiple statements (semicolon injection).
- [CREDENTIAL_PROTECTION]: Includes a permission check (`chmod 600`) for the configuration file on Unix systems and explicitly sanitizes error messages to prevent password leakage in logs or terminal output.
- [RESOURCE_MANAGEMENT]: Implements a hard limit on the number of rows returned (10,000) and query timeouts (30 seconds) to prevent Denial of Service (DoS) or Out-of-Memory (OOM) conditions.
- [NETWORK_SECURITY]: Supports configurable SSL modes (e.g., `require`, `verify-full`) for encrypted database communication.
Audit Metadata