salvo-database

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill contains hardcoded database connection strings with embedded credentials. While common as documentation placeholders, they match high-severity patterns for credential exposure. Evidence: 'postgres://user:pass@localhost/db' in SKILL.md.
  • PROMPT_INJECTION (HIGH): The skill defines an indirect prompt injection surface by ingesting untrusted data from HTTP requests and performing database operations. Ingestion points: JsonBody and PathParam in SKILL.md. Boundary markers: Absent. Capability inventory: Database write (INSERT, UPDATE) and read (SELECT). Sanitization: Present, uses SQL parameter binding.
  • EXTERNAL_DOWNLOADS (LOW): References standard Rust crates from crates.io. Per [TRUST-SCOPE-RULE], these are considered low risk as standard dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:09 PM