databases
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides instructions for executing database CLI tools and managing system services using
systemctl. It also includessudocommands for software installation, which is a standard requirement for database setup but represents a privileged operation. Additionally, the migration manager (db_migrate.py) dynamically executes SQL and MongoDB operations from JSON files. - [EXTERNAL_DOWNLOADS] (LOW): The skill documentation references the installation of official database drivers and tools via
aptandnpm. These are considered low risk per [TRUST-SCOPE-RULE] as they originate from trusted official repositories. - [PROMPT_INJECTION] (LOW): The skill's architecture for analyzing slow queries and database logs creates a surface for Indirect Prompt Injection (Category 8).
- Ingestion points: Performance analysis scripts (
db_performance_check.py) process query strings that could be attacker-controlled. - Boundary markers: No explicit delimiters are documented to prevent the agent from interpreting instructions within database records.
- Capability inventory: The agent can execute database commands, perform migrations, and run backups.
- Sanitization: The provided materials do not specify input sanitization for database content.
Audit Metadata