skills/jeremylongshore/claude-code-plugins-plus-skills/scanning-database-security/Gen Agent Trust Hub
scanning-database-security
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and analyze external data.
- Ingestion points: The scripts `config_validator.py`, `database_scan.py`, and `report_generator.py` accept arbitrary files or directories as input for processing.
- Boundary markers: There are no delimited structures or explicit "ignore instructions" warnings for the data being read.
- Capability inventory: The skill is configured with powerful tool access, specifically `Bash(psql:*)`, `Bash(mysql:*)`, and `Bash(mongosh:*)`, which could be abused if an injection occurs.
- Sanitization: The provided boilerplate scripts perform no sanitization or validation of the content of the files they read.
Audit Metadata