flyway-consolidate
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied SQL migration files, which constitutes an indirect prompt injection surface.
  - Ingestion points: SQL migration files discovered via globbing as described in the consolidation workflow.
  - Boundary markers: The instructions lack specific delimiters or safety warnings to help the agent ignore instructions embedded within the SQL data (e.g., in comments).
  - Capability inventory: The skill uses file reading and content generation tools to analyze schema evolution and produce reports.
  - Sanitization: There is no mention of sanitizing or validating the SQL content for malicious natural language instructions.
- [NO_CODE]: This skill consists entirely of markdown-based instructions and examples; it does not include any executable scripts, binaries, or external code files.