Skills
skills/peachsolution/peach-harness/peach-db-migrate/Gen Agent Trust Hub

peach-db-migrate

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands via the bun run runtime to perform database operations (db:status-dev, db:up-dev, db:down-dev). These commands have direct access to the local development environment and database.
  • [CREDENTIALS_UNSAFE]: The skill documentation explicitly points the agent to api/db/dev.env to verify connection details if a database connection failure occurs. This file is a sensitive configuration path that typically contains plaintext credentials like DATABASE_URL.
  • [PROMPT_INJECTION]: The bun run db:new {migration_name} command incorporates user-supplied text directly into a shell execution string, creating a surface for indirect prompt injection or command injection.
  • Ingestion points: User-provided {migration_name} passed via natural language instructions.
  • Boundary markers: None. The variable is interpolated directly into the bash command string.
  • Capability inventory: Execution of shell commands via bun run across multiple workflows in SKILL.md.
  • Sanitization: None. There are no instructions or scripts provided to validate or escape special shell characters (e.g., ;, &&, `) in the user input before it is executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 01:12 AM