databases
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- Privilege Escalation (HIGH): The skill instructions include usage of sudo for package installation (sudo apt-get install) and service control (sudo systemctl start), granting the agent root-level system access. These are associated with the primary purpose of database administration.
- Command Execution (MEDIUM): The skill executes local Python scripts (db_migrate.py, db_backup.py, db_performance_check.py) to perform administrative functions. These scripts have direct interaction with the system shell and filesystem.
- Unverifiable Dependencies (MEDIUM): The setup guide recommends installing software using apt-get, which downloads packages from external system repositories without explicit version pinning or integrity verification within the skill itself.
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection.
  1. Ingestion points: Query results fetched from MongoDB and PostgreSQL databases.
  2. Boundary markers: Absent; there are no instructions to the agent to treat data from the database as untrusted.
  3. Capability inventory: The skill can execute system commands and perform file operations.
  4. Sanitization: Absent; no evidence of input validation or output escaping for data retrieved from database connections.
- Data Exposure (SAFE): The skill uses user:pass placeholders in connection string templates. This is marked as safe because the documentation includes a clear security warning advising against hardcoding credentials and recommending environment variables instead.