mysql
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Data retrieved from external MySQL databases is presented to the AI agent without protective boundary markers or instructions to ignore embedded commands. * Ingestion points: The script
scripts/query.pyfetches and outputs content from remote databases via theexecute_queryfunction. * Boundary markers: Absent; database results are printed directly with basic column formatting and no isolation delimiters. * Capability inventory: The skill can execute SQL queries, list tables, and show schemas. It includes a client-side regex check and a server-side read-only session setting to prevent write operations. * Sanitization: Column values are truncated to 100 characters, but the script does not sanitize or escape potential instructions within the retrieved data. - [CREDENTIALS_UNSAFE]: The skill requires database credentials (host, user, password) to be stored in a local
connections.jsonfile in plaintext. While the script performs a file permission check on Unix-like systems, the host and authentication details remain unencrypted on the filesystem.
Audit Metadata