Skills
skills/majesticlabs-dev/majestic-marketplace/etl-incremental-patterns/Gen Agent Trust Hub

etl-incremental-patterns

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill demonstrates a high-risk pattern where untrusted strings are interpolated directly into SQL statements.
  • Ingestion points: The table and timestamp_col arguments in functions like incremental_by_timestamp and full_refresh_with_swap are likely to be populated from external configurations or database schemas.
  • Capability inventory: The skill uses sqlalchemy (implied by engine.begin()) and has Bash and Write permissions, allowing for significant system impact if the SQL execution is compromised.
  • Sanitization: There is no evidence of identifier quoting or validation (e.g., checking against a whitelist or using SQLAlchemy's quoted_name).
  • Evidence: The line query = f"SELECT * FROM {table} WHERE {timestamp_col} > :last_run" in SKILL.md allows for SQL injection through the {table} and {timestamp_col} variables.
  • [Command Execution] (LOW): The skill requests Bash tool access. While common for ETL tasks, in combination with the injection vulnerabilities mentioned above, it increases the potential for an attacker to pivot from a database compromise to local system access if the agent uses the tool to verify or move data files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:59 AM