Skills
skills/materializeinc/materialize/mz-limits-test/Gen Agent Trust Hub

mz-limits-test

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external content (user instructions and local files) to generate executable code.
  • Ingestion points: User-provided descriptions of stress tests and the content of the test/limits/mzcompose.py file.
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the data it processes.
  • Capability inventory: The skill generates SQL queries and shell commands (via the mzcompose framework) that can modify system settings (ALTER SYSTEM) and perform database operations.
  • Sanitization: Absent; no validation or escaping is applied to user-supplied data before it is interpolated into the generated test code.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the vendor-specific bin/mzcompose tool and to generate shell commands via the postgres-execute DSL. These operations are within the scope of the skill's primary purpose of database testing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 03:17 PM