clickhouse-cloud-management

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill documents and uses patterns where sensitive database credentials (username and password) are embedded directly in the URL for curl commands, such as https://USER:PASSWORD@HOST:443/. This is an insecure practice as credentials in URLs can be exposed in shell history, process listings, and network logs.
  • [COMMAND_EXECUTION]: The skill extensively uses the Bash tool to execute curl for database operations and the op (1Password) CLI to retrieve secrets from an engineering vault.
  • [EXTERNAL_DOWNLOADS]: The skill fetches sensitive data from 1Password's cloud service using the op command-line interface.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating variables retrieved from external tools (like op) directly into shell commands and SQL statements.
      • Ingestion points: Credentials and configuration data are ingested via the op item get command in SKILL.md.
      • Boundary markers: No specific delimiters or warnings are used to prevent the agent from interpreting instructions potentially embedded in the retrieved data.
      • Capability inventory: The skill uses Bash to execute curl and op commands, which can be manipulated if the input data is compromised.
      • Sanitization: There is no evidence of sanitization or validation of the hostnames or credentials before they are used in shell commands.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 03:55 AM