pgtool
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill is designed to execute SQL queries as its primary function. It uses the standard
pglibrary and does not execute arbitrary system commands. This behavior is expected and correctly scoped to the primary purpose of the skill. - EXTERNAL_DOWNLOADS (SAFE): The skill setup script (
pgtool.ps1) usesbun installto download standard dependencies from the npm registry. No untrusted third-party script downloads or piped remote executions (curl|bash) were detected. - CREDENTIALS_UNSAFE (SAFE): Database credentials are managed securely. The skill does not contain hardcoded secrets and instead relies on a user-provided
.pgtool.jsonfile or environment variables to establish connections. - INDIRECT PROMPT INJECTION (SAFE): The skill processes data from database tables which could theoretically contain untrusted instructions.
- Ingestion points: Database rows and metadata returned from SQL queries in commands like
query,sample, anddescribe. - Boundary markers: Documentation in
SKILL.mdincludes best practices for the agent, such as using LIMIT and parameterized values, though explicit boundary delimiters are not enforced in code. - Capability inventory: SQL execution via the
pglibrary inconnection.tsacross multiple command files. - Sanitization: Metadata queries are parameterized; the raw query command is the intended interface for user-directed database interaction and does not auto-execute untrusted strings from DB content.
Audit Metadata