databases
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill instructs the agent to execute commands using `sudo` for package installation (`sudo apt-get install`) and service management (`sudo systemctl start`). This requires the agent to have elevated system permissions, which is a high-risk configuration.
- [Indirect Prompt Injection] (HIGH): The skill is designed to process database schemas, queries, and migrations, which are often derived from untrusted external sources or user input.
  - Ingestion points: SQL queries, MongoDB aggregation pipelines, and migration definitions passed to the agent or the included Python scripts.
  - Boundary markers: None. There are no instructions to delimit or ignore instructions embedded within the data being processed.
  - Capability inventory: The skill provides a high-privilege toolset including data migration (`db_migrate.py`), backup/restore (`db_backup.py`), and direct shell access (`psql`, `mongosh`).
  - Sanitization: No sanitization or validation logic is defined in the documentation to prevent SQL injection or malicious database operations.
- [Unverifiable Dependencies] (MEDIUM): The skill references several local Python scripts (`scripts/db_migrate.py`, `scripts/db_backup.py`, `scripts/db_performance_check.py`) that perform sensitive operations. These scripts were not provided for analysis, making their internal security posture and handling of input unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata