database
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION
COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically imports and executes JavaScript files from the `src/db/migrations/` and `src/db/seeds/` directories. While this is the intended mechanism for running database migrations and seeds, it creates a vector for executing arbitrary code if malicious files are placed in these directories.
- Ingestion points: The skill reads file names from the local file system using `readdir` in `src/db/migrate.js` and `src/db/seed.js`.
- Boundary markers: No boundary markers or integrity checks are present to verify the source or content of the scripts before execution.
- Capability inventory: Loaded scripts execute arbitrary logic and database queries via the provided `db` pool.
- Sanitization: No validation or sandboxing of the script content is performed.
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary SQL queries defined in migration and seed files. This functionality is essential for database management but allows for high-impact operations that must be restricted to trusted migration scripts.