database-query

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell-based CLI tools (psql and mysql) to execute queries. Directly interpolating SQL strings into shell commands without explicit sanitization logic creates a high risk of command injection, where a malicious user could execute arbitrary system commands by breaking out of the SQL string quotes.
  • [CREDENTIALS_UNSAFE]: The MySQL command template uses the -p"$MYSQL_PASSWORD" flag. Providing passwords directly as command-line arguments is insecure because they can be visible to other users or processes on the system (e.g., via ps or /proc) and may be captured in shell history or audit logs.
  • [DATA_EXFILTRATION]: The skill provides a mechanism to query and retrieve data from databases. If the agent's instructions (like using LIMIT) are bypassed or if credentials have excessive permissions, it could be used to exfiltrate sensitive user data or entire database tables.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
      ◦ Ingestion points: Database query results from PostgreSQL and MySQL as shown in SKILL.md.
      ◦ Boundary markers: Absent; results are returned directly without delimiters or safety warnings.
      ◦ Capability inventory: Subprocess execution of shell commands using psql and mysql CLI clients.
      ◦ Sanitization: No evidence of escaping, filtering, or validation of database content before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 1, 2026, 05:14 AM