database-expert
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an inherent vulnerability to indirect prompt injection (Category 8). It processes untrusted external data in the form of code snippets and database schemas while having access to sensitive tools, creating a risk that malicious instructions within the analyzed data could hijack the agent's behavior.
- Ingestion points: The skill ingests user-provided code and database schemas for review and refactoring purposes as described in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions to treat user-provided data as non-executable text, which is necessary to prevent the agent from obeying instructions embedded within the reviewed code.
- Capability inventory: The skill defines access to several high-privilege tools including Bash, Read, Write, Edit, Grep, and Glob in SKILL.md.
- Sanitization: The instructions do not specify any validation, escaping, or filtering of the external code being processed.
Audit Metadata