peach-gen-db
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to read sensitive local configuration files.
  - Evidence: The skill explicitly directs the agent to read `api/src/environments/env.local.yml` to determine the database type from the `DATABASE_URL` field.
  - Risk: Accessing environment files like `.env` or `env.local.yml` exposes sensitive credentials and connection strings to the model's context, increasing the risk of exposure.
- [COMMAND_EXECUTION]: The skill encourages the execution of shell commands and database migrations.
  - Evidence: The documentation suggests running `cd api && bun run db:up-dev` to apply generated migration files.
  - Risk: If the migration files generated by the agent contain malicious SQL (e.g., due to indirect injection), these commands will execute that SQL against the developer's database.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of external project documentation.
  - Ingestion points: The skill parses PRD documents located at paths like `docs/spec/{년}/{월}/pdj-*.md` (SKILL.md).
  - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores instructions embedded within the PRD data.
  - Capability inventory: The skill has the capability to write files to the local filesystem (`api/db/migrations/`) and execute shell commands (`bun run db:up-dev`).
  - Sanitization: Absent. The skill maps input fields from the documentation directly into SQL templates without validation or escaping logic.