sqlserver-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill correctly uses environment variables (e.g.,
process.env.SQL_USER) rather than hardcoding credentials in the configuration examples. - [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were identified.
- [Remote Code Execution] (SAFE): No patterns of downloading or executing remote scripts were detected.
- [Command Execution] (SAFE): The skill contains SQL and TypeScript snippets but does not invoke system-level commands or shell processes.
- [Indirect Prompt Injection] (SAFE): While the skill provides templates for database interaction, it explicitly recommends using parameterized queries to prevent SQL injection at the application level.
Audit Metadata