database-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill workflow involves executing local tools and scripts such as sync_db, check_db.py, and migrate_db.py via uv run and sqlite3, allowing for arbitrary local command execution within the agent environment.
- [DATA_EXFILTRATION] (MEDIUM): The sync_db tool is used to download the production trades.db database via SSH. Accessing and moving production financial data constitutes a significant data exposure risk, though the severity is adjusted as this is the primary stated purpose of the skill.
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for indirect prompt injection through the processing of production trade data. Evidence Chain: 1. Ingestion points: trades.db (via sync_db); 2. Boundary markers: Absent; 3. Capability inventory: Subprocess calls via uv run, sqlite3, and SSH; 4. Sanitization: No sanitization or validation of database content is specified before analysis.
Audit Metadata