database-migration-helper
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous examples of database management commands using industry-standard tools.
- Evidence: SKILL.md includes commands such as `npx prisma migrate reset` and `alembic upgrade head`.
- Context: These tools are standard for database development but perform high-impact operations like resetting databases or applying schema changes.
- [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection (Category 8) by transforming user-provided descriptions into executable code.
- Ingestion points: User requests for specific database migrations (e.g., "create migration to add user roles table") in SKILL.md.
- Boundary markers: Absent; there are no instructions to the agent to ignore potentially malicious commands embedded in the user's schema descriptions.
- Capability inventory: The skill is designed to generate SQL, TypeScript, and Python scripts capable of altering tables, updating data, and dropping objects.
- Sanitization: No sanitization or validation logic is specified for the input used to generate these migration scripts.
Audit Metadata