skills/jeremylongshore/claude-code-plugins-plus-skills/generating-stored-procedures/Gen Agent Trust Hub
generating-stored-procedures
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python scripts (`database_connection_test.py` and `stored_procedure_deployer.py`) to execute database client utilities including `psql`, `mysql`, and `sqlcmd`. These commands are executed using list-based arguments in `subprocess.run`, which effectively mitigates shell injection vulnerabilities.
- [COMMAND_EXECUTION]: Credentials such as database passwords are provided by the user at runtime. For PostgreSQL, the skill securely handles passwords via the `PGPASSWORD` environment variable. For MySQL and SQL Server, passwords are passed as command-line flags, which is a common but less secure practice as it may expose credentials in process lists; however, this is typical for these CLI tools in development contexts and does not indicate malicious intent.
- [SAFE]: The skill includes extensive documentation on database security guidelines, specifically warning against SQL injection and recommending the principle of least privilege.
- [SAFE]: No evidence of data exfiltration, obfuscation, or unauthorized network operations was detected. All external interactions are restricted to the database hosts provided by the user.