sql-performance-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters or override system behavior. The instructions are strictly focused on SQL optimization logic.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network operations detected. The skill only processes text provided in the user prompt.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or other encoding techniques were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages or remote scripts are downloaded or executed. The skill does not contain any code (Python, Node.js, or Shell).
- [Privilege Escalation] (SAFE): No commands related to privilege escalation (sudo, chmod, etc.) are present.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles or system services.
- [Indirect Prompt Injection] (LOW):
- Ingestion points: The skill ingests user-provided SQL queries and query profile details (SKILL.md).
- Boundary markers: None explicitly defined in the templates, though the context is clearly SQL review.
- Capability inventory: None. The skill does not have access to subprocesses, file writes, or network operations.
- Sanitization: Not applicable as the skill only outputs suggested text/SQL to the user and does not execute the queries itself.
Audit Metadata