autorag-query

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (query_executor.py) using the uv run command to perform database operations.
  • [PROMPT_INJECTION]: The skill implements a Text-to-SQL workflow, which is exposed to prompt injection: a user can craft natural language input designed to steer the SQL the agent generates toward operations the skill is not meant to perform.
  • Ingestion points: User-provided natural language queries are processed by the agent to generate SQL code.
  • Boundary markers: The SKILL.md file provides clear instructions to the agent to only generate SELECT statements and exclude specific columns.
  • Capability inventory: The skill has the capability to execute SQL queries via sqlalchemy and read the schema.sql reference file.
  • Sanitization: The query_executor.py script includes a validate_query function that checks for forbidden DDL/DML keywords (e.g., DROP, DELETE, INSERT) and dangerous system functions. It also wraps queries in a subquery to enforce a LIMIT and uses execution timeouts.
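The guardrails listed above (keyword blocklist, column exclusion, subquery LIMIT wrapping, execution timeout) sketched as one runnable script. This is an added illustration for this audit page, not the skill's own query_executor.py: it uses the sqlite3 standard-library module instead of sqlalchemy so it runs offline, and the keyword list, function list, excluded column names (ssn, password_hash), row cap and sample customers table are assumptions, since the audit does not list the skill's actual values.

```python
"""Illustrative Text-to-SQL guardrail layer (added example, not the skill's
query_executor.py). Demonstrates: DDL/DML keyword blocklist, dangerous
function check, excluded-column check, stacked-statement rejection,
subquery LIMIT wrapping and an execution timeout via Connection.interrupt().
"""
import re
import sqlite3
import threading

# Assumed blocklists: the audit says validate_query rejects DDL/DML keywords
# and "dangerous system functions" but does not enumerate them.
FORBIDDEN_KEYWORDS = {
    "INSERT", "UPDATE", "DELETE", "REPLACE", "MERGE", "DROP", "ALTER",
    "CREATE", "TRUNCATE", "GRANT", "REVOKE", "ATTACH", "DETACH",
    "PRAGMA", "VACUUM",
}
FORBIDDEN_FUNCTIONS = {"load_extension", "readfile", "writefile", "edit"}
EXCLUDED_COLUMNS = {"ssn", "password_hash"}   # assumed column names
MAX_ROWS = 100                                # assumed row cap
TIMEOUT_SECONDS = 5.0                         # assumed timeout

_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_WORD_RE = re.compile(r"[A-Za-z_]\w*")
_CALL_RE = re.compile(r"([A-Za-z_]\w*)\s*\(")


def normalize(sql: str) -> str:
    """Strip SQL comments and a trailing semicolon, collapse whitespace."""
    sql = _COMMENT_RE.sub(" ", sql)
    sql = " ".join(sql.split())
    return sql.rstrip(" ;")


def validate_query(sql: str) -> list[str]:
    """Return rejection reasons; an empty list means the query passed.

    This is a coarse token blocklist: it will also reject a legitimate
    column literally named 'update', and it is a defense-in-depth layer,
    not a substitute for a read-only database role.
    """
    reasons: list[str] = []
    cleaned = normalize(sql)
    if not cleaned:
        return ["empty query"]
    if ";" in cleaned:                       # only a trailing ';' was stripped
        reasons.append("stacked statements are not allowed")
    first = cleaned.split(" ", 1)[0].upper()
    if first not in ("SELECT", "WITH"):
        reasons.append(f"only SELECT statements are allowed (got {first})")
    words = _WORD_RE.findall(cleaned)
    for kw in sorted({w.upper() for w in words} & FORBIDDEN_KEYWORDS):
        reasons.append(f"forbidden keyword: {kw}")
    calls = {c.lower() for c in _CALL_RE.findall(cleaned)}
    for fn in sorted(calls & FORBIDDEN_FUNCTIONS):
        reasons.append(f"forbidden function: {fn}")
    for col in sorted({w.lower() for w in words} & EXCLUDED_COLUMNS):
        reasons.append(f"excluded column referenced: {col}")
    return reasons


def wrap_with_limit(sql: str, limit: int = MAX_ROWS) -> str:
    """Enforce a row cap regardless of any LIMIT the model emitted."""
    return f"SELECT * FROM ({normalize(sql)}) AS limited_q LIMIT {int(limit)}"


def run_query(conn: sqlite3.Connection, sql: str, limit: int = MAX_ROWS,
              timeout: float = TIMEOUT_SECONDS) -> list[tuple]:
    """Validate, wrap and execute; a timer aborts long queries via interrupt()."""
    problems = validate_query(sql)
    if problems:
        raise ValueError("; ".join(problems))
    timer = threading.Timer(timeout, conn.interrupt)  # safe from another thread
    timer.start()
    try:
        return conn.execute(wrap_with_limit(sql, limit)).fetchall()
    finally:
        timer.cancel()


def demo_connection() -> sqlite3.Connection:
    """Constructed in-memory sample data standing in for the RAG database."""
    conn = sqlite3.connect(":memory:", check_same_thread=False)
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT);
        INSERT INTO customers VALUES (1,'Ada','111'),(2,'Bob','222'),(3,'Cy','333');
    """)
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(run_query(conn, "SELECT id, name FROM customers ORDER BY id", limit=2))
    for bad in ("SELECT 1; DROP TABLE customers",
                "SELECT ssn FROM customers",
                "SELECT load_extension('x')"):
        print(bad, "->", validate_query(bad))
```

The row cap is applied by wrapping rather than by inspecting the model's own LIMIT, so a query that already says LIMIT 10000 is still capped. The keyword check is token-based and therefore bypassable by dialect-specific tricks a blocklist does not know about; the control that actually bounds damage is connecting with a database role that has SELECT only, with the script-level checks as a second layer.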
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:37 AM