dm8-tools
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The `dm8_query.py` script allows execution of arbitrary SQL statements. While this is the intended purpose, the tool permits destructive operations (e.g., `DELETE`, `DROP`, `UPDATE`) and does not use parameterized queries. This poses a risk if the agent is manipulated by prompt injection to execute malicious commands.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill relies on a binary Java archive (`DmJdbcDriver18.jar`) to function. This file is mentioned as 'built-in' in `SKILL.md` but is missing from the provided source files, making it an unverifiable binary dependency. Loading external binary drivers into a JVM via `JPype1` and `jaydebeapi` is a common vector for code execution.
- [CREDENTIALS_UNSAFE] (LOW): Database passwords are required as command-line arguments (`--password`) for all scripts. This is a poor security practice as it can expose credentials in process lists, shell history, and system logs.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides a significant surface for indirect prompt injection by reading untrusted data from database tables.
  - Ingestion points: Results from `dm8_query.py`, `dm8_tables.py`, and `dm8_schema.py` are returned directly to the agent.
  - Boundary markers: None. The output is printed as a raw JSON string without delimiters.
  - Capability inventory: Full SQL execution capabilities (read/write/delete) and network access to database hosts.
  - Sanitization: No sanitization or escaping is performed on the data retrieved from the database before it is provided to the agent context.