dx-data-navigator

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (SQL injection) because it instructs the agent to construct raw SQL queries using user-provided parameters like team names or metric identifiers.
      ◦ Ingestion points: Untrusted user input for query filters enters the agent context through natural language questions (SKILL.md).
      ◦ Boundary markers: Absent. The skill does not provide delimiters or instructions to treat user data as untrusted text.
      ◦ Capability inventory: The 'mcp__dx-mcp-server__queryData' tool allows the execution of arbitrary SQL statements on the target database (SKILL.md).
      ◦ Sanitization: Absent. The skill provides query templates but lacks instructions for validating, escaping, or sanitizing user input before it is interpolated into SQL strings.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary SQL commands through an MCP tool. While this is the intended use case for analyzing engineering data, it provides broad access to the database schema, so security depends on the underlying database user having limited permissions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 04:49 PM