databases
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): In
SKILL.md, the setup instructions for PostgreSQL include commands utilizingsudo(sudo apt-get installandsudo systemctl start). Directing an agent to execute commands with root privileges is a significant security risk as it bypasses permission constraints. - Indirect Prompt Injection (LOW): The skill is designed to ingest data from external MongoDB and PostgreSQL databases, which introduces a vulnerability surface.
- Ingestion points: Data retrieved through database queries (
db.users.find,SELECT * FROM users). - Boundary markers: Absent. The skill provides no mechanisms to isolate or delimit untrusted database content from the agent's internal instructions.
- Capability inventory: The skill utilizes shell commands (
psql,mongosh) and executes local Python scripts (scripts/db_migrate.py,scripts/db_backup.py). - Sanitization: Absent. No validation or escaping of external database content is mentioned or implemented in the provided documentation.
Recommendations
- AI detected serious security threats
Audit Metadata