databases
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): The file SKILL.md includes instructions for executing sudo commands (sudo apt-get install, sudo systemctl start), which allows an agent to perform system-level administrative operations without restricted oversight.
- Indirect Prompt Injection (HIGH):
  - Ingestion points: The skill reads data directly from MongoDB and PostgreSQL databases via the psql and mongosh CLI tools.
  - Boundary markers: There are no markers or specific instructions to isolate or ignore malicious command strings embedded within database records.
  - Capability inventory: The skill allows for direct modification of database schemas, user permissions, and data records via aggregation pipelines and SQL queries.
  - Sanitization: No evidence of input validation or parameterization of database queries is present, allowing data to be treated as executable code.
- Metadata Poisoning (MEDIUM): The scripts/requirements.txt file incorrectly states that the skill uses only the standard library, while test_db_migrate.py confirms that the skill depends on pymongo and psycopg2 for its core functionality.
- External Downloads (MEDIUM): SKILL.md and scripts/requirements.txt recommend downloading binary tools from external sources (mongodb.com, postgresql.org) without providing integrity hashes or verification steps.
Recommendations
- AI detected serious security threats