data-catalog-entry

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python functions extract_table_metadata and assess_data_quality in SKILL.md use f-strings to construct SQL queries, such as f"SELECT * FROM {schema}.{table_name} LIMIT 5". This pattern is susceptible to SQL injection if the schema or table name variables are influenced by untrusted external input.
  • [CREDENTIALS_UNSAFE]: The extract_table_metadata function call in SKILL.md provides an example connection_string with hardcoded credentials: postgresql://user:pass@host:5432/db. This practice encourages users to hardcode sensitive credentials in scripts.
  • [DATA_EXFILTRATION]: The skill extracts sample data from database tables (SELECT * FROM ... LIMIT 5) and writes it to local JSON and Markdown files. If the database contains sensitive information or PII, this data is exposed in plaintext on the local file system.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external database schema metadata and business context into a generated report without using boundary markers or sanitization.
    • Ingestion points: Database schema (table and column names), business context descriptions, and use case lists in SKILL.md.
    • Boundary markers: Not present.
    • Capability inventory: Database access via SQLAlchemy and local file writing (open(..., 'w')) as seen in Step 1 and Step 7.
    • Sanitization: None observed for the ingested metadata content.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 03:18 AM