postgres-query-expert
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The skill provides standard instructional content without any attempts to override agent behavior or bypass safety filters. It explicitly instructs the agent to use parameterization for safety.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. The SQL queries provided for introspection are standard database management practices.
- Obfuscation (SAFE): The content is clear and uses standard Markdown/SQL syntax. No hidden encoding or homoglyphs were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external packages or remote scripts are downloaded or executed. The skill only utilizes standard file system tools (Read, Grep, Glob).
- Privilege Escalation (SAFE): There are no commands targeting system-level privileges or administrative escalation. Database administrative commands (e.g., pg_terminate_backend) are provided as reference material for query management.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or startup services were found.
- Indirect Prompt Injection (SAFE): The skill is a static reference and does not define logic for processing untrusted external data in a way that would trigger secondary actions. It encourages parameterization which mitigates injection risks at the application level.
- Dynamic Execution (SAFE): The skill does not generate or execute code at runtime using unsafe methods like eval() or library injection.
Audit Metadata