skills/jeremylongshore/claude-code-plugins-plus-skills/monitoring-database-transactions/Gen Agent Trust Hub
monitoring-database-transactions
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform administrative tasks, specifically terminating database connections using pg_terminate_backend or KILL. While intended for remediation, this capability allows the agent to disrupt database services.
- [COMMAND_EXECUTION]: Instruction 6 directs the user to establish cron jobs for scheduled execution. While standard for monitoring, this constitutes a system persistence mechanism.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests untrusted data from database system catalogs (pg_stat_activity, PROCESSLIST). These views contain raw SQL query text which can be crafted by any database user to include malicious instructions aimed at the agent.
- Ingestion points: SKILL.md instructions for querying pg_stat_activity and information_schema.PROCESSLIST.
- Boundary markers: None. The instructions do not specify using delimiters or warnings to ignore instructions within the query text.
- Capability inventory: Bash, Write, Edit, Read, Grep, and Glob tools allowed in SKILL.md frontmatter.
- Sanitization: None. There is no evidence of filtering or escaping the results of the monitoring queries.
- [SAFE]: The script scripts/rollback_analyzer.py is a benign directory analyzer. Although its functionality is inconsistent with its name (it does not analyze database rollbacks), it does not perform any dangerous operations such as network requests or unauthorized data access.
Audit Metadata