databases
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to facilitate database query construction and execution (SQL and MongoDB Query Language). This creates an attack surface where untrusted user input could be used to manipulate database operations if the agent or underlying scripts do not perform strict sanitization.
  - Ingestion points: User prompts requesting database queries, migrations, or performance checks in SKILL.md.
  - Boundary markers: None present in documentation.
  - Capability inventory: References to scripts scripts/db_migrate.py and scripts/db_backup.py that execute database operations.
  - Sanitization: No sanitization logic or parameterized query guidance is provided in the documentation.
- Command Execution (LOW): The SKILL.md file contains installation and service management instructions using sudo. While intended for manual user setup, an AI agent might attempt to execute these privileged commands on the host environment. Evidence: setup blocks in SKILL.md.
- External Downloads (LOW): The skill documentation encourages installing external tools such as mongodb-atlas-cli and postgresql-client from external registries (NPM and Apt). Furthermore, the test scripts reveal dependencies on pymongo and psycopg2 which are not declared in the primary requirements.txt. Evidence: references/mongodb-atlas.md and scripts/tests/test_db_migrate.py.
- Data Exposure (SAFE): The references/mongodb-atlas.md file suggests whitelisting 0.0.0.0/0 for development. Although labeled as dev-only, this is a dangerous configuration that could lead to unauthorized database access if applied to production systems.
Audit Metadata