db-tool
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The script is vulnerable to SQL injection in its table description functionality. In `db-tool.js`, the `describe` methods for SQLite, PostgreSQL, and MySQL directly interpolate the user-provided table name into SQL strings without sanitization or parameterization. This allows an attacker to append malicious SQL commands (e.g., '; DROP TABLE users; --') to be executed by the database.
- [COMMAND_EXECUTION]: The tool is designed to execute raw SQL queries provided via the `--query` and `--execute` command-line arguments. This capability allows for arbitrary command execution within the database context, enabling any action the database user has permissions for, including deleting data or modifying schemas.
- [CREDENTIALS_UNSAFE]: The skill facilitates the use of sensitive database connection strings, which typically contain plaintext usernames and passwords, via the `DATABASE_URL` environment variable.
- [DATA_EXFILTRATION]: Because the tool can execute arbitrary SELECT queries and output the results to the console, it can be leveraged to exfiltrate sensitive information from any accessible database table if the agent is manipulated into performing unauthorized queries.
Recommendations
- AI detected serious security threats
Audit Metadata