postgres
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill reads database credentials from local files (connections.json or ~/.config/claude/postgres-connections.json) and initiates network connections to the specified remote database hosts. This is the intended primary function but involves handling sensitive authentication data and performing network operations to non-whitelisted domains.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external PostgreSQL databases into the agent context. Ingestion points: The scripts/query.py script fetches rows from databases via psycopg2. Boundary markers: The results are formatted as plain text tables without explicit delimiters or instructions to the agent to disregard instructions within the data. Capability inventory: The agent has the ability to execute subsequent SQL queries and potentially access other tools. Sanitization: The skill enforces row and column limits but does not perform content-based filtering or escaping of the retrieved data.
- [EXTERNAL_DOWNLOADS]: The skill requires the psycopg2-binary package, which is a standard library for PostgreSQL connectivity.
Audit Metadata