moai-domain-database
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface.
  - Ingestion points: In SKILL.md, the QueryOptimizer and DatabaseCache classes accept raw query strings.
  - Boundary markers: No delimiters or instructions are provided to the agent to treat inputs as untrusted data.
  - Capability inventory: The skill includes code to execute these queries via database sessions, which could be leveraged for unauthorized operations.
  - Sanitization: The implementation uses f-string interpolation and SQLAlchemy's text() function without input validation or parameterization.