polardbx-zero
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown documentation and API usage instructions for provisioning database instances, with no associated executable scripts, binaries, or configuration files provided.\n- [EXTERNAL_DOWNLOADS]: The skill references API endpoints on the vendor-owned domain zero.polardbx.com to facilitate instance provisioning, which is consistent with the stated purpose of the PolarDB-X Zero service.\n- [PROMPT_INJECTION]: The ability to connect to and query an external database creates a potential surface for indirect prompt injection if untrusted data is processed by the agent.\n
- Ingestion points: Data records and tool outputs retrieved from the provisioned PolarDB-X instance via SQL queries.\n
- Boundary markers: No explicit markers or instructions are provided to separate database content from agent instructions.\n
- Capability inventory: Full admin privileges on a MySQL-compatible distributed database with vector search and transactional support.\n
- Sanitization: No sanitization, validation, or escaping procedures are defined for data retrieved from the database.
Audit Metadata