data-catalog-entry
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains Python code that utilizes `sqlalchemy` and `pandas` to execute queries against external databases. This includes functions like `extract_table_metadata` and `assess_data_quality` which perform data inspection and retrieval.
- [COMMAND_EXECUTION]: The skill performs local file system operations by writing generated metadata to Markdown and JSON files (e.g., `open(..., 'w')`).
- [CREDENTIALS_UNSAFE]: The code includes a hardcoded connection string template `postgresql://user:pass@host:5432/db`. While used as an example, this pattern encourages the use of plain-text credentials in skill code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the following vectors:
  - Ingestion points: The `extract_table_metadata` function reads sample data and schema information directly from a database.
  - Boundary markers: No delimiters or instructions are present to prevent the agent from interpreting data from the database as instructions.
  - Capability inventory: The skill possesses SQL execution capabilities via `sqlalchemy` and file system write access.
  - Sanitization: Database identifiers (schema, table names) are interpolated into SQL queries using f-strings without escaping or validation, presenting a SQL injection surface.
Audit Metadata