query-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from database execution plans which could be manipulated by an attacker.
- Ingestion points: The skill ingests user-provided text or JSON output from
EXPLAIN (ANALYZE, BUFFERS)commands as described inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions defined to prevent the agent from following directions that might be embedded within the database execution plan data.
- Capability inventory: The skill has the capability to write files to the local filesystem (
docs/database-report/). It does not appear to have network access or the ability to execute arbitrary system commands, although it generates SQL recommendations. - Sanitization: No input validation or sanitization logic is specified for the ingested execution plans.
Audit Metadata