streamlit-snowflake
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Findings: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The templates/streamlit_app.py file includes a custom query execution feature (run_custom_query) that takes raw input from a Streamlit text_area and executes it directly via session.sql(). While standard for developer utilities, this creates a high risk of SQL injection if the resulting application is shared with untrusted users. The skill mitigates this in other templates (like templates/pages/data_explorer.py) by providing robust regex-based identifier validation and quoting functions.
- [CREDENTIALS_UNSAFE] (INFO): The references/authentication.md file contains documentation on generating RSA key pairs and using them for authentication. It correctly uses placeholders (your_passphrase, your_account) and provides explicit 'Security Best Practices' advising users to never commit credentials to version control and to use secrets management (GitHub Secrets).
- [EXTERNAL_DOWNLOADS] (INFO): The skill references standard Snowflake and Python ecosystem resources (e.g., PyPI, Snowflake Anaconda Channel, GitHub Actions). These are trusted sources and the installation patterns (e.g., pip install snowflake-cli-labs) are routine for the domain.
Audit Metadata