sql-databases
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): No sensitive data, hardcoded credentials, or network exfiltration patterns were detected. The validation script only reads local configuration files within the skill directory.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external downloads, package installations (npm/pip), or remote script execution (curl | bash) patterns were found. The skill relies on standard Python libraries.
- Dynamic Execution (SAFE): No dynamic code execution (eval/exec) or unsafe deserialization was detected. The validation script correctly uses
yaml.safe_load()to process configuration files, preventing arbitrary code execution during parsing. - Indirect Prompt Injection (SAFE): While the skill processes configuration data, it does so using a validation script with no exploitable capabilities (no network, no subprocesses, no file writes). The risk of injection via config files is negligible in this context.
Audit Metadata