how-to-export-sqlite-tables-to-create-statements
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The tutorial instructs the user to add the 'sqlite3' and 'mustache_template' packages. Per [TRUST-SCOPE-RULE], these are standard packages from the pub.dev registry and are considered low risk.
- COMMAND_EXECUTION (LOW): The skill provides shell commands for directory creation and Flutter project initialization (`mkdir`, `flutter create`).
- Indirect Prompt Injection (LOW): The code demonstrates a vulnerability surface where untrusted data could influence agent output.
  - Ingestion points: Table names and index names are read from the `sqlite_master` table.
  - Boundary markers: None are used in the SQL generation template.
  - Capability inventory: The code executes database queries via `db.select()`.
  - Sanitization: None; table names are interpolated directly into PRAGMA statements (e.g., `PRAGMA table_info($t)`), which is a SQL injection vulnerability if the database schema is attacker-controlled.
Audit Metadata