schema-query
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill translates user input into SQL commands via Claude, creating a surface for prompt injection. Because the generated SQL is then executed against the local database, an instruction smuggled into the natural-language query can become a statement the user did not ask for.
  1. Ingestion points: user natural-language queries passed as CLI arguments.
  2. Boundary markers: none specified in the documentation.
  3. Capability inventory: local DuckDB access and network requests to the Anthropic API.
  4. Sanitization: none mentioned; the system relies on LLM-side safety filters, which are not a control over what SQL the model emits.
- COMMAND_EXECUTION (LOW): The skill executes shell commands using `uv run` and `just` to perform queries and schema exploration. It also executes dynamically generated SQL against the `cdm_store.db` database, which could lead to unintended data access if the LLM is successfully manipulated.
- DATA_EXFILTRATION (SAFE): While the skill accesses a local database and sends data to Anthropic for processing, it uses official API endpoints and does not show evidence of exfiltration to unauthorized domains.
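The PROMPT_INJECTION and COMMAND_EXECUTION findings reduce to one practical control: the SQL the model emits should be checked before it reaches `cdm_store.db`. The block below is an added example written for this review, not code from the schema-query skill. It assumes the skill has a single point where generated SQL is executed; the names `check_generated_sql`, `ALLOWED_LEADING`, `FORBIDDEN` and the sample model outputs in `EXAMPLES` are hypothetical and constructed here. It goes beyond a plain "first keyword must be SELECT" rule because DuckDB table functions such as `read_text` and `read_csv_auto`, and statements such as `COPY ... TO` and `ATTACH`, touch the filesystem from inside an otherwise read-only query, so a guard that only looks at the leading keyword lets them through.

```python
"""Guard for LLM-generated SQL before it reaches a DuckDB file.

Added example for this audit, not the schema-query skill's own code.
Assumes the skill funnels every generated statement through one call;
check_generated_sql and the constants below are hypothetical names.
"""
from __future__ import annotations

import re

# Statement types that only read from tables already in the database.
ALLOWED_LEADING = {"SELECT", "WITH", "DESCRIBE", "SHOW", "EXPLAIN", "SUMMARIZE"}

# Keywords and DuckDB table functions that escape a SELECT-only policy:
# they reach the filesystem, extensions or session state, or are DML that
# can hide behind a leading WITH. (Assumption: list is a starting point,
# not a complete DuckDB inventory.)
FORBIDDEN = {
    "ATTACH", "DETACH", "COPY", "EXPORT", "IMPORT", "INSTALL", "LOAD",
    "PRAGMA", "SET", "RESET", "CALL",
    "INSERT", "UPDATE", "DELETE", "DROP", "CREATE", "ALTER", "TRUNCATE",
    "READ_CSV", "READ_CSV_AUTO", "READ_PARQUET", "READ_JSON", "READ_JSON_AUTO",
    "READ_TEXT", "READ_BLOB", "GLOB",
}

_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_STRING_RE = re.compile(r"'(?:[^']|'')*'")
_WORD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def _strip(sql: str) -> str:
    """Remove comments and string literals so keyword checks see only code,
    and so a ';' inside a literal or comment cannot fake or hide a boundary."""
    sql = _COMMENT_RE.sub(" ", sql)
    return _STRING_RE.sub("''", sql)


def check_generated_sql(sql: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one model-generated statement."""
    body = _strip(sql).strip()
    # Exactly one statement: rejects stacked queries like "SELECT 1; DROP TABLE t".
    parts = [p for p in body.split(";") if p.strip()]
    if len(parts) != 1:
        return False, f"expected one statement, got {len(parts)}"
    words = [w.upper() for w in _WORD_RE.findall(parts[0])]
    if not words:
        return False, "empty statement"
    if words[0] not in ALLOWED_LEADING:
        return False, f"statement type {words[0]} not allowed"
    hit = sorted(set(words) & FORBIDDEN)
    if hit:
        return False, "forbidden keyword(s): " + ", ".join(hit)
    return True, "ok"


# Constructed stand-ins for what the model might emit; no API call is made.
# "benign" is a normal schema-exploration query; the rest are shapes an
# injected instruction could produce while still looking like a read.
EXAMPLES = {
    "benign": "SELECT table_name FROM information_schema.tables;",
    "stacked": "SELECT 1; DROP TABLE customers;",
    "file_read": "SELECT * FROM read_text('/etc/passwd');",
    "file_write": "COPY (SELECT * FROM customers) TO '/tmp/out.csv' (HEADER);",
    "comment_smuggle": "SELECT 1 /* ; COPY ... */ FROM read_csv_auto('/etc/hosts');",
    "cte_dml": "WITH c AS (SELECT 1) DELETE FROM customers;",
}


def audit_examples() -> dict[str, bool]:
    """Run the guard over every constructed example; True means allowed."""
    return {name: check_generated_sql(sql)[0] for name, sql in EXAMPLES.items()}


if __name__ == "__main__":
    for name, sql in EXAMPLES.items():
        ok, why = check_generated_sql(sql)
        print(f"{name:16} {'ALLOW' if ok else 'BLOCK'}  {why}")
```

Only the "benign" example passes; the others are blocked for stacking, a forbidden leading keyword, a forbidden table function, or DML hidden behind a CTE. The keyword match is deliberately coarse and will reject a query whose column happens to be named like a forbidden word, which is the right failure direction for a tool that runs whatever the model returns. Opening the file with `duckdb.connect(path, read_only=True)` is a sensible companion because it prevents changes to the database file, but it is not a filesystem sandbox, so a check like this one is still needed on the statement itself.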
Audit Metadata