Skills
skills/physics91/claude-vibe/schema-reviewer/Gen Agent Trust Hub

schema-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOWNO_CODE
Full Analysis

The provided skill file, SKILL.md, is entirely composed of Markdown content. It serves as a detailed guide for an AI agent on how to perform database schema reviews, covering aspects like normalization, constraints, data types, indexing, and relationship design. The file includes examples of SQL code to illustrate good and bad practices, but these are presented as static text within the markdown and are not executable commands within the skill's definition.

Threat Category Analysis:

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', role-play instructions, attempts to bypass safety guidelines) were found in the skill's name, description, or content.
  2. Data Exfiltration: The skill does not contain any commands or code that could read sensitive files (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or perform network requests to exfiltrate data to external servers.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, or URL/hex/HTML encoding were detected that could hide malicious instructions or commands.
  4. Unverifiable Dependencies: The skill does not include any instructions to install external packages (e.g., npm install, pip install) or clone repositories. It is a self-contained, descriptive document.
  5. Privilege Escalation: There are no commands like sudo, chmod, or instructions for installing services that could lead to privilege escalation.
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs, or systemd services) were found.
  7. Metadata Poisoning: The name and description fields in the skill's frontmatter are benign and accurately reflect its purpose. No malicious instructions were embedded in metadata.
  8. Indirect Prompt Injection: While the skill itself is safe, its function involves reviewing user-provided database schemas. Any external schema definitions provided by a user could potentially contain malicious instructions intended to manipulate the AI's behavior. This is an inherent risk for any skill that processes user-supplied data, but it is not a vulnerability within the skill's own definition.
  9. Time-Delayed / Conditional Attacks: No conditional logic based on time, usage, or environment variables was found.

Conclusion: This skill is a purely informational and instructional document. It does not contain any executable components or external calls that could introduce security vulnerabilities. Therefore, it is classified as SAFE and falls under the NO_CODE category.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 09:40 PM