
pytidb

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains templates that represent surfaces for Indirect Prompt Injection, where untrusted data could influence agent behavior.
  • Ingestion points: User-provided questions in templates/text2sql.py, conversation history in templates/memory_lib.py, and retrieved database context in templates/rag.py.
  • Boundary markers: templates/rag.py uses visual delimiters (---------------------) in the prompt template to separate context from instructions.
  • Capability inventory: The skill scripts perform database queries (db.query), record insertions (table.insert), and external LLM calls using litellm and openai (all contained within templates/ and scripts/).
  • Sanitization: templates/text2sql.py implements an is_readonly_sql check that verifies whether the generated query starts with a read-only keyword such as SELECT, SHOW, or DESCRIBE.
  • [COMMAND_EXECUTION]: The templates/text2sql.py script executes dynamic SQL generated by an external LLM.
  • Evidence: The script calls db.query(sql) on the string generated by the OpenAI API.
  • Mitigation: The implementation includes a mandatory human-in-the-loop confirmation step (input("Execute this query? [y/N] ")) before any generated SQL is sent to the database.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 04:19 PM