skills/mukul975/anthropic-cybersecurity-skills/performing-service-account-credential-rotation/Gen Agent Trust Hub
performing-service-account-credential-rotation
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface within 'scripts/process.py' where user-provided account names are interpolated directly into SQL administrative commands.
  - Ingestion points: The 'target_user' parameter in the 'rotate_database_password' function within 'scripts/process.py', which may be sourced from external configuration files.
  - Boundary markers: Absent; the script does not perform escaping or validation on database user identifiers before execution.
  - Capability inventory: The script utilizes administrative database capabilities (via psycopg2 and mysql.connector) to alter user credentials.
  - Sanitization: While password values are correctly handled using parameterized queries, the SQL identifiers (usernames) are directly interpolated into the command string, presenting a surface for indirect injection.
Audit Metadata