managing-databases
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides templates for full administrative control over production databases.
  - Evidence: Use of `pg_dump`, `pg_restore`, and `psql` for arbitrary command execution.
  - Evidence: Emergency procedures include `pg_terminate_backend(pid)`, which can be used for Denial of Service (DoS) attacks.
- [DATA_EXFILTRATION] (HIGH): High capability for bulk data movement.
  - Evidence: `pg_dump -d production > backup.dump` facilitates extracting the entire database content to the local filesystem.
  - Evidence: `pg_basebackup -h primary_host` enables streaming entire database clusters across the network.
- [CREDENTIALS_UNSAFE] (HIGH): Contains hardcoded passwords in usage examples.
  - Evidence: `CREATE USER replicator WITH REPLICATION ENCRYPTED PASSWORD 'secret';` in SKILL.md.
  - Evidence: `CREATE ROLE app_user WITH LOGIN PASSWORD 'secure_password';` in SKILL.md.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill processes untrusted external data with high-privilege capabilities.
  - Ingestion points: Reads from `pg_stat_activity`, `pg_stat_statements`, and `pg_tables`, which can contain attacker-influenced strings (e.g., query comments, table names).
  - Boundary markers: None identified; untrusted data is directly interpolated into agent reasoning for 'Health Checks' and 'Troubleshooting'.
  - Capability inventory: Shell execution (`pg_dump`), system-level SQL execution, and network connectivity.
  - Sanitization: Absent. Malicious SQL queries or table names could influence agent logic during maintenance tasks.
Recommendations
- AI detected serious security threats
Audit Metadata