sap-hana-cli
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill guides users to store database passwords in plain-text local files such as default-env.json, .env, and .cdsrc-private.json for persistent connections. The hana-cli tool is also noted to save these credentials to the filesystem by default.
- [DATA_EXFILTRATION]: Facilitates the exposure of sensitive database secrets by managing their storage in local configuration files and user-level directories like ~/.hana-cli/.
- [COMMAND_EXECUTION]: Enables the execution of arbitrary SQL queries, stored procedures, and administrative CLI commands for managing database objects, HDI containers, and SAP HANA Cloud instances.
- [EXTERNAL_DOWNLOADS]: Recommends installing the hana-cli package from npm and references official SAP sample repositories and BTP CLI installation scripts from recognized technology vendors.
- [PROMPT_INJECTION]: The natural language MCP integration processes database metadata (e.g., table names) and sample data, creating a surface for indirect prompt injection.
  - Ingestion points: Database schema definitions and row data samples entering the agent's context via describe_table and sample_data tools.
  - Boundary markers: Absent.
  - Capability inventory: SQL execution, container management, and cloud instance control.
  - Sanitization: No evidence of escaping database content to prevent instruction injection is provided.