sql-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown (.md) files. There are no executable scripts (Python, JavaScript, Shell), binaries, or specific instructions that would modify an AI agent's behavior.\n- [EXTERNAL_DOWNLOADS] (SAFE): The automated security alert regarding 'orders.id' is a false positive. In the context of the SQL code examples provided (e.g., in 'references/query-optimization.md'), 'orders.id' is a standard syntax for referencing the 'id' column in the 'orders' table (table.column) and does not function as a malicious domain or URL.\n- [PROMPT_INJECTION] (SAFE): There are no prompt injection attempts, safety filter bypasses, or instructions to ignore previous rules. The documentation actually promotes security best practices by illustrating how to prevent SQL injection using parameterized queries.\n- [DATA_EXFILTRATION] (SAFE): No hardcoded API keys, credentials, or sensitive file paths were detected. All examples use generic placeholders (e.g., 'john@example.com') and common database table names.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata