claimable-postgres
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Provisions database environments via the official pg.new API and the get-db utility CLI.
- [COMMAND_EXECUTION]: Executes curl, npx, and psql commands to provision, configure, and seed the database environment.
- [PROMPT_INJECTION]: The database seeding functionality processes external SQL scripts, creating a surface for indirect prompt injection.
  - Ingestion points: Processes seed.sql files or SQL content provided in the project context.
  - Boundary markers: Not specified in the skill instructions for the agent when handling SQL data.
  - Capability inventory: Includes shell command execution (psql) and the ability to modify local environment configuration files (.env).
  - Sanitization: No sanitization or validation of the SQL content is performed prior to execution.
Audit Metadata