postgres
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes shell commands using the psql binary to interact with PostgreSQL databases. This capability allows for full database control and potential shell access via the psql -c flag.
- [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection as the skill transforms natural language directly into SQL queries without validation.
  1. Ingestion points: User prompts (SKILL.md examples).
  2. Boundary markers: None.
  3. Capability inventory: psql execution, schema management, and data deletion.
  4. Sanitization: None.
- [DATA_EXFILTRATION] (MEDIUM): The skill manages sensitive database credentials via environment variables. The inclusion of curl and jq in the metadata provides the necessary tools for an attacker to exfiltrate database contents after gaining query access through injection or agent manipulation.
Recommendations
- AI detected serious security threats