streamlit-snowflake
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
templates/streamlit_app.pyfile provides a user interface for executing arbitrary SQL queries directly against the Snowflake environment. - Evidence: The
run_custom_queryfunction intemplates/streamlit_app.pypasses raw user input from ast.text_areacomponent to thesession.sql()method. - Impact: If an application built from this template is deployed using the 'Owner's Rights' model, viewers could execute any SQL command permitted by the owner's role, potentially leading to unauthorized data modification or access.
- [PROMPT_INJECTION]: The skill templates expose an indirect prompt injection surface through the processing of untrusted user input in SQL queries.
- Ingestion points: User-provided text in
st.text_area(templates/streamlit_app.py) andst.text_input(templates/pages/data_explorer.py). - Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore embedded instructions in the processed data.
- Capability inventory: High-privilege SQL execution via
session.sql()intemplates/common/utils.pyandtemplates/pages/data_explorer.py. - Sanitization: While
templates/pages/data_explorer.pyimplements regex-based identifier validation and quoting, the main application template (templates/streamlit_app.py) allows raw SQL execution without sanitization.
Audit Metadata