encore-database

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill enables an AI agent to ingest data from external SQL databases and provides the capability to perform sensitive operations like data modification and deletion. This creates a vulnerability where malicious content stored in the database could manipulate the agent's logic. Ingestion points: db.query and db.queryRow in SKILL.md. Boundary markers: Absent for retrieved data. Capability inventory: db.exec, orm.insert, orm.update, and orm.delete. Sanitization: Absent for data retrieved from the database.
  • Command Execution (MEDIUM): The skill allows the agent to execute SQL commands and manage database migrations. These are high-privilege operations that could be exploited if the agent's instructions are overridden via prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 09:19 PM