database-operations
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The file SKILL.md explicitly lists credentials for a PostgreSQL database, specifically User: airflow and Password: airflow. Hardcoding authentication secrets is a severe security risk as it facilitates unauthorized access to databases.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by consuming and processing external data from multiple database tables.
  - Ingestion points: The skill retrieves data from tables such as unified_games and game_odds via the fetch_df method described in SKILL.md.
  - Boundary markers: There are no delimiters or instructions telling the agent to treat this external database content as untrusted.
  - Capability inventory: The skill can execute SQL write commands (UPDATE, INSERT) and bulk-write data using to_sql, giving an attacker a way to influence system state if they can inject instructions into the database.
  - Sanitization: No evidence of sanitization or validation of the retrieved content is provided before the agent uses it.
Recommendations
- AI detected serious security threats
Audit Metadata