archiving-databases
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file grants broad execution privileges for database and cloud CLI tools using wildcards in the allowed-tools field, specifically `Bash(psql:*)`, `Bash(mysql:*)`, `Bash(aws:s3:*)`, and `Bash(az:storage:*)`. This allows the agent to execute any subcommand within these namespaces, which could be abused to perform unauthorized data deletion, modification, or credential extraction if the agent's instructions are subverted.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: The skill processes potentially untrusted data from database tables and external configuration files (e.g., config_template.yaml).
  - Boundary markers: No explicit markers or instructions are present in SKILL.md or scripts to distinguish between data and instructions.
  - Capability inventory: The skill has significant capabilities, including database deletion permissions (mentioned in prerequisites) and file writing.
  - Sanitization: The provided Python script templates (database_archival.py, database_restore.py) do not include sanitization or validation of the data being processed.
Audit Metadata