Skills
skills/pingcap/agent-rules/tidb-sql/Gen Agent Trust Hub

tidb-sql

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection because it processes untrusted user-provided SQL for review and adaptation. Specifically, it instructs the agent to use EXPLAIN ANALYZE for diagnostics, which executes the query in the database. This creates an execution path for malicious SQL embedded in user requests.
  • Ingestion points: User-provided SQL snippets (SKILL.md, mysql-compatibility-notes.md).
  • Boundary markers: Absent; no instructions for delimiting or sanitizing user SQL are provided.
  • Capability inventory: Query execution via EXPLAIN ANALYZE, database state modification via FLASHBACK, and statistics modification via ANALYZE TABLE.
  • Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): The skill includes a shell script scripts/render_dot_png.sh that executes the Graphviz dot utility. While intended for local rendering of execution plans, it represents a local command execution capability provided by the skill.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 07:18 AM