cc-skill-clickhouse-io

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's code patterns expose an indirect prompt-injection surface through unsanitized data handling: data from outside the skill flows into database operations without crossing any trust boundary.
  • Ingestion points: The trades input parameter of bulkInsertTrades and the PostgreSQL notification payload in the CDC listener example accept data directly from external or upstream sources.
  • Boundary markers: No delimiters, placeholders or instructions separate user-provided data from the SQL query structure.
  • Capability inventory: The code patterns call clickhouse.query and clickhouse.insert, giving the skill the ability to run analytical queries and modify data in a ClickHouse database.
  • Sanitization: The TypeScript snippets build SQL with template-literal interpolation (e.g. ${trade.id}) and use neither escaping nor parameterized queries, which leaves a significant SQL injection surface.
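The pattern the audit flags, shown next to a hardened version, as an added example that is not the skill's own code. The Trade shape, the PostgreSQL NOTIFY payload layout, the hostile sample input and the minimal stub client are assumptions constructed here; the stub mirrors the query({ query, query_params }) and insert({ table, values, format }) call shapes of @clickhouse/client but records calls instead of sending them, so the example runs offline.

```typescript
// Added example (not from the audited skill): template-literal SQL versus
// parameterized access for ClickHouse. Trade, the NOTIFY payload layout, the
// hostile input and StubClickHouseClient are constructed assumptions.

interface Trade {
  id: string;
  symbol: string;
  qty: number;
  price: number;
}

interface RecordedCall {
  kind: "query" | "insert";
  query?: string;
  query_params?: Record<string, unknown>;
  table?: string;
  values?: unknown[];
}

// Stand-in for the real client: same call shapes, records instead of sending.
class StubClickHouseClient {
  calls: RecordedCall[] = [];
  async query(p: { query: string; query_params?: Record<string, unknown> }) {
    this.calls.push({ kind: "query", ...p });
  }
  async insert(p: { table: string; values: unknown[]; format: "JSONEachRow" }) {
    this.calls.push({ kind: "insert", table: p.table, values: p.values });
  }
}

// BEFORE: the pattern the audit describes. Every field lands verbatim in the
// SQL text, so a field value can rewrite the statement.
function buildInsertUnsafe(trades: Trade[]): string {
  const rows = trades
    .map(t => `('${t.id}', '${t.symbol}', ${t.qty}, ${t.price})`)
    .join(", ");
  return `INSERT INTO trades (id, symbol, qty, price) VALUES ${rows}`;
}

// AFTER (writes): rows go through the client's JSONEachRow insert, so the
// values are serialised as data and never concatenated into SQL text.
async function bulkInsertTradesSafe(client: StubClickHouseClient, trades: Trade[]) {
  await client.insert({ table: "trades", values: trades, format: "JSONEachRow" });
}

// AFTER (reads): ClickHouse server-side parameters. The query text is a
// constant with a typed placeholder; the value travels separately.
async function findTradeSafe(client: StubClickHouseClient, id: string) {
  await client.query({
    query: "SELECT * FROM trades WHERE id = {id:String}",
    query_params: { id },
  });
}

// CDC listener input: a NOTIFY payload is untrusted upstream data. Parse it
// and check every field against an explicit schema before it reaches a query.
function parseTradeNotification(payload: string): Trade {
  let obj: unknown;
  try { obj = JSON.parse(payload); } catch { throw new Error("payload is not JSON"); }
  if (typeof obj !== "object" || obj === null) throw new Error("payload is not an object");
  const { id, symbol, qty, price } = obj as Record<string, unknown>;
  if (typeof id !== "string" || !/^[0-9a-f-]{1,64}$/i.test(id)) throw new Error("bad id");
  if (typeof symbol !== "string" || !/^[A-Z]{1,10}$/.test(symbol)) throw new Error("bad symbol");
  if (typeof qty !== "number" || !Number.isFinite(qty)) throw new Error("bad qty");
  if (typeof price !== "number" || !Number.isFinite(price)) throw new Error("bad price");
  return { id, symbol, qty, price };
}

// Constructed hostile input: an id that closes the string literal and the
// VALUES tuple, then appends its own statement.
const hostileTrade: Trade = {
  id: "1'); DROP TABLE trades; --",
  symbol: "ACME",
  qty: 10,
  price: 42.5,
};

async function demo() {
  const client = new StubClickHouseClient();
  const unsafeSql = buildInsertUnsafe([hostileTrade]);
  await bulkInsertTradesSafe(client, [hostileTrade]);
  await findTradeSafe(client, hostileTrade.id);
  return { unsafeSql, calls: client.calls };
}

demo().then(r => {
  console.log("unsafe SQL:", r.unsafeSql);
  console.log("recorded calls:", JSON.stringify(r.calls, null, 2));
});
```

ClickHouse rejects multiple statements in one request by default, so the appended DROP would not execute as written, but the attacker still controls the shape of the statement that does run; a SELECT with a WHERE clause built the same way is open to the usual boolean and UNION style tampering. The hardened functions keep the query text constant and move every value into the client's data channel, which is the property the audit's "boundary markers" and "sanitization" findings ask for.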
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 11:08 AM