clickhouse-io
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION]: The TypeScript code examples for database interaction, specifically the `bulkInsertTrades` and `insertTrade` functions, demonstrate manual assembly of SQL command strings using template literals. This pattern is inherently vulnerable to SQL injection if the source data (e.g., trade IDs or amounts) contains malicious payloads.
- [INDIRECT_PROMPT_INJECTION]: The skill defines patterns for ingesting and processing untrusted data from external sources.
  - Ingestion points: The `bulkInsertTrades` function argument and the PostgreSQL CDC `notification` listener in the TypeScript snippets.
  - Boundary markers: Absent; SQL commands are built without delimiters or instructions to ignore embedded commands.
  - Capability inventory: `clickhouse.query` and `clickhouse.insert` capabilities are used to execute the constructed SQL.
  - Sanitization: Absent; the code lacks parameterization or escaping logic, allowing raw data to influence the SQL command structure.
- [EXTERNAL_DOWNLOADS]: The skill references external Node.js dependencies `clickhouse` and `pg`. While these are well-known and legitimate libraries for database connectivity, they represent external code that must be installed for the examples to function.
Audit Metadata