skills/jeremylongshore/claude-code-plugins-plus-skills/clickhouse-incident-runbook/Gen Agent Trust Hub
clickhouse-incident-runbook
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions for administrative tasks such as restarting the ClickHouse service using
sudo systemctl restartordocker restart, and inspecting kernel/service logs viadmesgandjournalctl. - [COMMAND_EXECUTION]: Employs destructive database operations, including
ALTER TABLE ... DROP PARTITIONfor managing disk space andKILL QUERYfor terminating long-running processes. - [DATA_EXFILTRATION]: Instructs the agent to write database query logs and metrics to local files at
/tmp/incident-queries.jsonand/tmp/incident-metrics.tsv, which may expose sensitive query information and performance metadata to other users or processes on the host. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted content from database system tables.
- Ingestion points: Reads from
system.query_logandsystem.processesin SKILL.md to collect evidence and triage issues. - Boundary markers: Does not utilize markers to isolate database output from agent instructions.
- Capability inventory: Possesses high-privilege access to shell environments, system service management via
sudo, and administrative database controls. - Sanitization: Lacks mechanisms to sanitize or validate database log entries before the agent processes them.
- [EXTERNAL_DOWNLOADS]: Retrieves service health information from the official ClickHouse Cloud status domain.
Audit Metadata