redshift
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Python `subprocess` module to invoke the official AWS CLI (`aws`). This is the intended mechanism for performing operations against the Redshift Data API, such as executing statements and retrieving results.
- [SAFE]: A mandatory validation layer is implemented in `scripts/lib/client.py`. This 'read-only guard' cross-references every SQL statement against a whitelist of allowed keywords (SELECT, WITH, SHOW, DESCRIBE, EXPLAIN, SET) and explicitly blocks multi-statement queries to prevent unauthorized database modifications.
- [SAFE]: The interactive setup utility (`scripts/setup.py`) reads the local AWS configuration files (`~/.aws/config` and `~/.aws/credentials`) to help the user select a connection profile. This operation is limited to reading profile names during the initial configuration phase.
- [SAFE]: The skill exhibits safe data handling practices by automatically saving full query results to a dedicated local directory (`~/redshift-exports/`) and providing the agent with only a limited preview of the data, which mitigates potential resource exhaustion and large-scale data exposure in the agent's context.
- [SAFE]: Potential indirect prompt injection risks are managed through structured data processing and query validation.
  - Ingestion points: Data entering the system originates from Redshift Data API responses or previously exported local CSV/JSON files.
  - Boundary markers: Output is formatted into clear column-and-row structures with headers.
  - Capability inventory: Capabilities are restricted to AWS CLI calls and local file writing within the exports directory.
  - Sanitization: All incoming SQL strings are scrubbed of comments and validated for read-only status before being passed to the execution engine.
Audit Metadata