async-sqlalchemy-patterns

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The script scripts/setup-alembic.sh automatically installs the alembic package using pip. Although alembic is a standard and reputable package, unpinned external installations increase the supply chain attack surface.
  • COMMAND_EXECUTION (LOW): The scripts scripts/generate-migration.sh and scripts/test-connection.sh use a shell pattern to load variables from .env files: export $(grep -v '^#' "$PROJECT_ROOT/.env" | xargs). This pattern is susceptible to command injection if the .env file contains shell command substitutions (e.g., KEY=$(malicious_command)).
  • COMMAND_EXECUTION (LOW): scripts/test-connection.sh generates a temporary Python script at /tmp/test_db_connection.py and executes it. While the script content is hardcoded in the bash script, generating and executing code at runtime is a dynamic execution pattern.
  • CREDENTIALS_UNSAFE (SAFE): Files like templates/alembic.ini and templates/session_manager.py contain placeholder database URLs (user:password@localhost). These are clearly example values for templates and do not represent a credential leak.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:33 PM