skills/jeremylongshore/claude-code-plugins-plus-skills/detecting-database-deadlocks/Gen Agent Trust Hub
detecting-database-deadlocks
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Deceptive metadata and script mismatch. The file `scripts/analyze_deadlocks.py` and its description in `scripts/README.md` claim the script connects to a database to perform deadlock detection. However, the provided Python code implements a generic directory crawler that calculates file statistics (size, count, types) and contains no database connection or deadlock detection logic. This discrepancy could mislead users or agents regarding the skill's actual capabilities.
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill instructs the agent to parse database error logs and engine status outputs (e.g., `SHOW ENGINE INNODB STATUS`). Because database logs often capture user-supplied queries, an attacker could inject malicious instructions into these logs to influence the agent's behavior during analysis.
  - Ingestion points: Database error logs and `SHOW ENGINE INNODB STATUS` output (SKILL.md).
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions when processing log data.
  - Capability inventory: The agent has access to the `Bash(psql, mysql, mongosh)`, `Write`, `Edit`, and `Read` tools (SKILL.md).
  - Sanitization: Absent. There are no instructions for sanitizing or validating log content before processing.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute database CLI clients (`psql`, `mysql`, `mongosh`) for diagnostic purposes. While this is the intended functionality, it grants the agent broad access to the database environment, which could be abused if the agent is influenced by malicious input.