ask-db-migration-assistant
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill exhibits a vulnerability surface where untrusted user input is directly translated into executable SQL code and written to the filesystem.
- Ingestion points: User instructions for database schema modifications (e.g., "Add an email column to the users table") are processed in
SKILL.mdandREADME.mdinstructions. - Boundary markers: No explicit delimiters or boundary markers are present to separate user-provided data from system instructions during the SQL generation phase.
- Capability inventory: The skill possesses file-write capabilities (writing
.sqlfiles to the/migrations/directory) and is triggered by operations that execute high-privilege database commands (ALTER,CREATE,DROP). - Sanitization: No automated sanitization, linting, or validation of the generated SQL is implemented; the skill relies entirely on human review for safety.
- [Command Execution] (LOW): The core functionality involves the generation and management of powerful database commands. Although the skill mandates a human-in-the-loop (HITL) confirmation before execution, the inherent risk of executing commands that can lead to data loss or system compromise remains.
Audit Metadata