database-designer
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata contains an installation command that fetches the skill documentation from an external GitHub repository.
- Evidence: The
install_commandfield inmetadata.jsonretrievesSKILL.mdfromhttps://raw.githubusercontent.com/borghei/Claude-Skills/main/engineering/database-designer/SKILL.md. - [PROMPT_INJECTION]: The skill defines analysis workflows for processing external database schemas and query patterns, representing an indirect prompt injection surface.
- Ingestion points: The skill accepts SQL DDL files, JSON schema definitions, and query patterns for normalization and optimization analysis (as described in the 'Tools & Scripts' section of SKILL.md).
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are specified in the provided skill text.
- Capability inventory: Based on the provided files, the skill does not include executable code; it provides structured guidance for the agent to follow. The metadata indicates scripts may exist in the full repository, but none are present in this analysis scope.
- Sanitization: No input validation or sanitization mechanisms are described for the processed database definitions.
Audit Metadata