optimize-queries
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted SQL queries provided by users to perform database performance analysis.
  - Ingestion points: User-provided query examples used for optimization analysis (found in SKILL.md).
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings for the input queries.
  - Capability inventory: The skill utilizes Bash, Write, and Edit tools to execute EXPLAIN ANALYZE (which runs the query in the database) and to create migration files with optimizations.
  - Sanitization: Absent. The skill does not instruct the agent to validate or sanitize the SQL content before processing or implementation, which could allow a malicious user to trigger unintended database operations.