mssql
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill ingests data from external SQL databases, creating a surface for potential indirect prompt injection. However, this risk is mitigated by the skill's restricted capability set and read-only enforcement.\n
- Ingestion points: SQL query results returned from databases via the scripts/query.py utility.\n
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the database output as untrusted content.\n
- Capability inventory: The toolset is strictly limited to read-only SQL operations (SELECT, SHOW, etc.) and does not expose file system modification or outbound network capabilities (other than the database connection itself).\n
- Sanitization: The skill enforces a whitelist of allowed SQL commands and claims to sanitize error messages to prevent the leakage of database credentials.
Audit Metadata