workflow-local-dev
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- Command Execution (MEDIUM): The
db-query.shscript allows for the execution of arbitrary SQL queries against the local database. This capability allows the agent (or an attacker via prompt injection) to modify, delete, or exfiltrate sensitive development data. - Credentials Unsafe (LOW): The
reference.mdfile contains hardcoded default credentials for the local PostgreSQL instance (User: postgres,Password: postgres). Although these are standard for local 'Kind' environments, hardcoding them is a poor security practice. - Indirect Prompt Injection (LOW): The skill possesses a significant attack surface for indirect prompt injection as it ingests untrusted data from external sources and has high-privilege capabilities.
- Ingestion points: System logs retrieved via
tail-logs.shand database records retrieved viadb-query.sh. - Boundary markers: None. The output of these commands is processed directly by the agent without delimiters or safety instructions.
- Capability inventory: The skill can execute arbitrary SQL (
db-query.sh), trigger service rebuilds (restart-service.sh), and delete/modify Kubernetes resources via the referenced MCP tools. - Sanitization: No sanitization or validation of the data ingested from logs or database queries is performed.
Audit Metadata