database-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes a bash script (check-db.sh) upon trigger. Analysis shows the script is limited to local file system discovery (find) and string matching (grep) within the project directory to identify database configurations and SQL structures.
- [DATA_EXPOSURE & EXFILTRATION] (SAFE): While the script accesses configuration files (e.g., application.yml), it does not transmit data externally or access sensitive system paths such as SSH keys or environment variables. All operations are local and diagnostic.
- [INDIRECT PROMPT INJECTION] (LOW): The script reads project files which could theoretically contain malicious content. However, the script lacks capabilities for remote code execution or exfiltration, rendering the surface non-exploitable. 1. Ingestion points: check-db.sh (local file reads). 2. Boundary markers: None. 3. Capability inventory: grep, find, wc. 4. Sanitization: None.
Audit Metadata