database-migrator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands (e.g., pg_dump, mysqldump, psql, mongoexport) using parameters like database names, table names, and connection strings provided by the user or discovered during schema analysis. There is a risk of command injection if the agent does not properly sanitize these parameters before shell execution.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the source database, specifically metadata such as table/column comments, trigger definitions, and stored procedure logic. An attacker who has modified the source database schema could embed malicious instructions in these metadata fields to influence the agent's script generation or planning logic.
- Ingestion points: Reads metadata from database system catalogs (e.g., information_schema, pg_description, pg_proc) and MongoDB collection samples.
- Boundary markers: The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious content within the ingested schema metadata.
- Capability inventory: The agent has the ability to execute shell commands (Bash) and write files to the local system (Write), which could be misused if influenced by injected instructions.
- Sanitization: There is no mention of sanitizing or escaping the extracted metadata before it is processed or interpolated into generated scripts.
Audit Metadata