ai-data-integration
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms natural language into SQL queries or data transformations. If an attacker provides malicious input (e.g., embedded instructions in data or clever phrasing in prompts), they could attempt to influence the generated code. The skill mitigates this by implementing 'Boundary markers' (Section: Input Sanitization in SKILL.md) and 'Sanitization' (using sqlglot for query validation in references/nl-to-sql-patterns.md). Evidence: SKILL.md sections 'Input Sanitization' and 'AI-Data Integration Maturity Model'.
- [COMMAND_EXECUTION]: The skill describes patterns for executing AI-generated SQL queries against production data warehouses. While this is the intended purpose, it represents a significant capability. The skill manages this risk via 'Capability inventory' controls: read-only roles, row limits, query timeouts, and mandatory 'LIMIT' clauses. Evidence: references/mcp-data-patterns.md implementation of 'run_query' and 'validate_query' functions.