mssql-tools
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and processes untrusted data from a database instance.
- Ingestion points: SQL query results and database metadata returned by all scripts in the scripts/ directory, specifically the rows fetched in mssql_query.py, mssql_tables.py, and mssql_schema.py.
- Boundary markers: Absent; there are no explicit delimiters or system instructions provided to ensure the agent ignores potential commands embedded within retrieved database records.
- Capability inventory: The mssql_query.py script allows the execution of arbitrary T-SQL, granting the agent full read/write and schema modification capabilities on the connected database.
- Sanitization: No sanitization, filtering, or validation is performed on the data retrieved from the database before it is presented to the agent context.
Audit Metadata