database-integration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill generates SQL, migrations, and ORM schemas based on user-provided natural language, creating a significant indirect prompt injection surface.\n
- Ingestion points: User task descriptions are ingested via the agent prompt interface as seen in references/GUIDE.md.\n
- Boundary markers: None found. The skill does not implement delimiters or 'ignore embedded instructions' warnings for the data it processes.\n
- Capability inventory: The skill produces executable SQL and migration scripts which, if applied by an agent or user, can modify or delete data.\n
- Sanitization: Validation in scripts/validate.py and SKILL.md only checks for parameter existence and enum membership, not the safety of the string content used for code generation.\n- [Metadata Poisoning] (LOW): The skill metadata is inconsistent; assets/config.yaml and scripts/validate.py label the skill as 'testing' category, while its actual function is database integration.
Audit Metadata