sql-to-business-logic
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the `sqlparse` Python package to perform structural analysis of SQL queries.
- [COMMAND_EXECUTION]: The file contains extensive Python logic (e.g., `parse_sql_structure`, `translate_select`) designed to be executed by the agent to automate the translation process. These scripts utilize string manipulation and keyword matching.
- [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided SQL queries. This is an indirect prompt injection surface where instructions could theoretically be embedded in the data provided for translation.
  - Ingestion points: SQL Query input defined in 'Context Requirements'.
  - Boundary markers: Uses programmatic string splitting and SQL keyword identification (e.g., 'FROM', 'WHERE') to isolate query components.
  - Capability inventory: Python interpreter access for logic execution; string processing; no network or file-write capabilities are requested by the scripts themselves.
  - Sanitization: The provided logic performs direct parsing of the input string without explicit sanitization against embedded natural language instructions.
Audit Metadata