schema-mapper
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the processing of external database metadata.
- Ingestion points: Database schema metadata including table names, column names, and constraints are fetched via SQLAlchemy's `inspect` module in `SKILL.md`.
- Boundary markers: Absent. The skill instructions do not define delimiters or provide specific warnings to the agent to disregard potential instructions embedded within the database metadata.
- Capability inventory: The skill has the capability to write to the local file system using `pandas.to_csv()` and Python's `open().write()` methods to create documentation and ERD diagrams as seen in `SKILL.md`.
- Sanitization: Absent. The skill logic directly interpolates metadata into string templates for Markdown files and Mermaid diagrams without sanitizing or escaping the content, relying on the agent's interpretation of the metadata strings.
Audit Metadata