text-to-sql
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or data exfiltration attempts were identified in the skill instructions or scripts.
- [SAFE]: The skill incorporates robust defensive instructions ('Iron Laws') that mandate parameterized queries and schema validation, specifically designed to prevent SQL injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The documentation mentions
promptfoo, which is a well-known and widely used industry tool for evaluating LLM prompts and outputs. Its reference in the context of skill evaluation is standard developer practice. - [COMMAND_EXECUTION]: Shell scripts provided for pre- and post-execution hooks are limited to basic input validation and project directory traversal using standard Node.js APIs.
Audit Metadata