sap-hana-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data retrieved from SAP HANA database objects, such as table names, column metadata, and query results.
  - Ingestion points: Data enters the agent context through commands like `inspectTable`, `querySimple`, and `massConvert` (described in `references/command-reference.md` and `references/db-inspection.md`).
  - Boundary markers: There are no explicit instructions or delimiters mentioned in the skill templates to prevent the agent from following instructions embedded within database content.
  - Capability inventory: The skill has the capability to execute system commands via `hana-cli`, write converted metadata files (ZIP/CDS), and interact with cloud APIs (documented in `references/mass-operations.md` and `references/cloud-operations.md`).
  - Sanitization: While `references/development-environment.md` describes SQL injection prevention functions like `escapeDoubleQuotes`, these are intended to protect the database from malicious input rather than protecting the agent from malicious data retrieved from the database.
- [COMMAND_EXECUTION]: The skill facilitates the execution of numerous database management and inspection commands using the `hana-cli` tool, as detailed across the `references/` directory.
- [EXTERNAL_DOWNLOADS]: The skill documentation guides the user to download and install several external components.
  - Installs the `hana-cli` npm package from the public registry.
  - Executes `install-btp.sh` to fetch and install the SAP BTP CLI from an official SAP repository as described in `references/development-environment.md`.