cross-env-postgresql-extensions
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The skill utilizes 'SET ROLE postgres' within a DO block to elevate privileges to the superuser level, which can be exploited to bypass database security controls.
- Indirect Prompt Injection (HIGH): The skill processes external data without safety boundaries. 1. Ingestion points: File 'SKILL.md' uses a '{extension_name}' placeholder. 2. Boundary markers: Absent; the variable is placed directly in the SQL string. 3. Capability inventory: The skill enables high-privilege DDL (CREATE/DROP EXTENSION) which can alter database state or perform unauthorized actions. 4. Sanitization: Absent; no validation or escaping of the extension name is performed, allowing for SQL injection if the agent receives malicious input.
Recommendations
- AI detected serious security threats
Audit Metadata