postgres
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
psqlcommand-line utility to interact with databases. While this is the primary function, the use of shell interpolation for the$DATABASE_URLenvironment variable and potentially for dynamic SQL queries poses a risk of command injection if the agent does not strictly sanitize input before execution.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes and displays untrusted data retrieved from database queries. - Ingestion points: Output from SQL queries executed via
psql(SKILL.md). - Boundary markers: None present; the skill does not use delimiters or instructions to ignore embedded commands in the query results.
- Capability inventory: Shell command execution via
psql(SKILL.md). - Sanitization: No sanitization or validation of the data returned from the database is performed before it is presented to the agent context.
Audit Metadata