clickhouse-cloud-management
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute curl commands for database operations and op commands for credential management. This is consistent with its stated purpose of cloud management.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted database metadata.
- Ingestion points: Data enters the agent context via output from commands like SHOW USERS, SHOW TABLES, and DESCRIBE TABLE in SKILL.md and references/sql-patterns.md.
- Boundary markers: No delimiters or safety instructions are used to separate database output from agent instructions.
- Capability inventory: The skill uses Bash to perform network requests (curl) and access local credentials (op).
- Sanitization: There is no evidence of filtering or validation of the data returned from the ClickHouse instance before processing.
Audit Metadata