pipes-deployment

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The file 'CLICKHOUSE_MCP_USAGE.md' instructs the user to install 'mcp-clickhouse' via 'pipx'. This represents an external dependency from a non-whitelisted source.
  • COMMAND_EXECUTION (LOW): The 'RAILWAY_PRE_FLIGHT_CHECKLIST.md' suggests executing local commands such as 'bun run dev' and 'curl' for pre-deployment validation. These are intended for user-initiated manual testing.
  • PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface through the ingestion of external data.
      • Ingestion points: Data returned from the 'run_select_query' tool in 'CLICKHOUSE_MCP_USAGE.md'.
      • Boundary markers: Absent; there are no specific instructions or delimiters to prevent the agent from interpreting database contents as instructions.
      • Capability inventory: The agent can execute SQL queries and perform subsequent actions based on the results.
      • Sanitization: Absent; database outputs are processed directly by the model context.
  • CREDENTIALS_UNSAFE (SAFE): The documentation uses 'default' as a placeholder for database user and password credentials, which is standard for local ClickHouse environments and does not constitute a secret leak.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 01:52 AM