skills/jeremylongshore/claude-code-plugins-plus-skills/generating-database-seed-data/Gen Agent Trust Hub
generating-database-seed-data
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data (database schemas, DDL files, ORM models) to generate code. If these input files contain malicious instructions hidden in comments or metadata, the agent might follow them instead of performing the intended task.\n
- Ingestion points: The instructions in SKILL.md direct the agent to analyze external "database schema definition (SQL DDL, ORM models, or Prisma schema)" files.\n
- Boundary markers: No boundary markers or "ignore instructions" directives are specified to distinguish between structural schema data and potential embedded malicious instructions.\n
- Capability inventory: The skill allows high-privilege operations via the
Bash(cmd:*)andWritetools, increasing the impact of a successful injection.\n - Sanitization: No sanitization or validation logic is defined to check the integrity of the schema files before they are processed.
Audit Metadata