query-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection because it processes data from external database sources.
- Ingestion points: Data enters the agent context via
sql_db_schemaandsql_db_queryresults. - Boundary markers: None. The instructions do not specify using delimiters or warnings to ignore instructions found within database records or schema names.
- Capability inventory: The skill is capable of executing arbitrary SELECT queries through
sql_db_query. - Sanitization: No sanitization or validation logic is defined to check for malicious content within the database outputs.
Audit Metadata