sap-datasphere
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official `@sap/datasphere-cli` from SAP (a well-known service) and the third-party `@mariodefe/sap-datasphere-mcp` package for core functionality. These are fetched from standard registries (npm).
- [COMMAND_EXECUTION]: The skill enables the execution of SQL, SQLScript, and 'smart queries' against a live SAP Datasphere tenant using the provided MCP tools. It also provides a reference for the `datasphere` command-line tool.
- [DATA_EXFILTRATION]: To enable live tenant interaction, the skill handles sensitive OAuth 2.0 credentials (Client ID and Secret). The documentation correctly instructs users to manage these via environment variables or `.env` files rather than hardcoding them, which aligns with security best practices.
- [PROMPT_INJECTION]: As the skill ingests metadata, catalog search results, and table previews from an external SAP tenant, it possesses a surface for indirect prompt injection. Malicious content stored within the tenant (e.g., in table descriptions or data fields) could theoretically influence the agent's output, though this is a low-risk inherent characteristic of data-processing skills.
- [CREDENTIALS_UNSAFE]: The documentation and examples use clear placeholders (e.g., `your-oauth-client-id`, `xxx`) for all sensitive configuration fields, preventing the exposure of actual secrets.
Audit Metadata