skills/jeremylongshore/claude-code-plugins-plus-skills/database-documentation-gen/Gen Agent Trust Hub
database-documentation-gen
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns such as direct prompt injection, data exfiltration, or obfuscated code were identified during the analysis.
- [COMMAND_EXECUTION]: The skill uses database CLI tools (psql, mysql, mongosh) through allowed Bash tools to interact with database engines for documentation purposes. This is expected behavior for the skill's stated intent and is used to retrieve schema information.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external database schema files. 1. Ingestion points: The erd_generator.py script accepts external database schema definitions via JSON files. 2. Boundary markers: No specific delimiters or warnings are used to isolate untrusted schema data from the generated output. 3. Capability inventory: The skill can perform file system operations and execute database-specific CLI commands. 4. Sanitization: The scripts do not perform advanced sanitization on schema content (e.g., table or column names) before incorporating them into the documentation output.
Audit Metadata