relational-database-mcp-cloudbase
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates an attack surface where data read from the database via executeReadOnlySQL can influence subsequent write or DDL operations.
  - Ingestion points: Results from executeReadOnlySQL and readSecurityRule in SKILL.md.
  - Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore instructions found within retrieved data.
  - Capability inventory: The agent has high-privilege access via executeWriteSQL (INSERT, UPDATE, DELETE, DROP) and writeSecurityRule (modifying database permissions).
  - Sanitization: Absent; the skill does not mandate sanitization or parameterization of data before it is used in SQL statements.
- Dynamic Execution (MEDIUM): The skill's primary function is the execution of arbitrary SQL commands through executeWriteSQL, which is a form of dynamic code execution that can be exploited if the inputs are not strictly controlled.
Recommendations
- AI detected serious security threats