platform-database

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions to override system prompts, bypass safety filters, or ignore previous instructions were found in the skill body or metadata.
  • Data Exposure & Exfiltration (SAFE): No access to sensitive file paths (~/.ssh, .env) or hardcoded credentials. No unauthorized network operations or calls to non-whitelisted domains were identified.
  • Obfuscation (SAFE): All content is in plain markdown and SQL/TypeScript code snippets. No Base64, zero-width characters, or homoglyph attacks were detected.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include package management files (package.json, requirements.txt) or any scripts that download and execute remote code. It consists entirely of documentation and guidance.
  • Privilege Escalation (SAFE): No commands for acquiring elevated permissions (sudo, chmod 777) or modifying system configurations were found.
  • Persistence Mechanisms (SAFE): No attempts to create cron jobs, modify shell profiles, or establish startup services were detected.
  • Indirect Prompt Injection (SAFE): While the skill is designed to process user-provided database schemas (untrusted data), it does not possess dangerous capabilities (like executing shell commands based on that data). The risk is negligible and consistent with standard coding assistant behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 07:08 PM