database-schema-designer

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW | NO_CODE
Full Analysis

The skill consists solely of Markdown files (README.md, SKILL.md, references/schema-design-checklist.md) and a static SQL template (assets/templates/migration-template.sql).

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'DAN') were found in any of the descriptive or instructional text.
  2. Data Exfiltration: No commands or code snippets that attempt to read sensitive files, access credentials, or make network requests to exfiltrate data were found. The SQL template contains standard database introspection commands (SELECT ... FROM INFORMATION_SCHEMA.TABLES, SHOW INDEX FROM) which are benign and part of typical database management.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were detected in any of the files.
  4. Unverifiable Dependencies: The skill explicitly states "No special tools or dependencies required." No commands for installing packages (e.g., npm install, pip install) or fetching external scripts were found.
  5. Privilege Escalation: No commands like sudo, chmod +x, or attempts to modify system files or install services were found. The SQL DDL commands in the template (CREATE TABLE, ALTER TABLE, etc.) are part of the skill's intended output (schema generation) and are not executed by the skill itself with elevated privileges.
  6. Persistence Mechanisms: No attempts to write to user configuration files (.bashrc), create cron jobs, or establish other persistence mechanisms were found.
  7. Metadata Poisoning: The metadata fields (name, description, license) in SKILL.md and README.md are clean and accurately reflect the skill's purpose.
  8. Indirect Prompt Injection: While any LLM skill that processes user input carries an inherent risk of indirect prompt injection, this skill does not contain any internal mechanisms that would make it uniquely vulnerable. Its output is structured data (SQL/NoSQL schema), not executable code that would process arbitrary external input.
  9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counts, or environment variables that could trigger malicious behavior was found.

In summary, this skill is purely informational and generative, providing text-based guidance and templates. It does not execute any code or interact with the system in a way that poses a security risk. The analysis was performed only on the files directly distributed with the skill, which is a good practice.

Audit Metadata

Risk Level: LOW
Analyzed: Feb 12, 2026, 10:44 PM