PostgreSQL

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute a local binary PgQuery.exe located at Y:/CSharpDLLs/PgQuery/ or C:/Users/matthew.heath/Git/PgQuery to perform database operations.
  • [CREDENTIALS_UNSAFE]: The instructions direct the agent to read connection parameters, including plaintext passwords, from JSON configuration files stored in R:/JsonParams/.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it executes user-supplied SQL or SQL files via the PgQuery.exe tool without sanitization or boundary markers. Ingestion points: SQL strings and files. Boundary markers: Absent. Capability inventory: Full DDL/DML access to the database. Sanitization: No evidence of parameterization or input filtering.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 09:31 AM