database-architect
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes provided local Python scripts (
schema-analyzer.py,migration-validator.py,index-recommender.py) using theuv runcommand. These scripts perform regex-based static analysis on SQL content to validate normalization, identify indexing opportunities, and flag migration risks. The scripts are bundled with the skill and do not perform network operations or execute arbitrary system commands. - [DATA_EXPOSURE]: In 'Evolve' mode, the skill scans the local codebase using standard file discovery patterns (Grep/Glob) to identify schema definitions and ORM models. This behavior is restricted to the specific task of analyzing database architecture and does not attempt to access sensitive system files or credentials.
- [SAFE]: The skill incorporates an HTML-based dashboard (
templates/dashboard.html) for visualizing schema analysis. The dashboard uses robust HTML escaping for user-controllable data (such as table and column names) to prevent cross-site scripting (XSS) when the report is rendered. - [SAFE]: The skill implements strong safety constraints in its instructions, such as mandatory rollback plans for all migrations, explicit warnings for operations with data loss risk, and a requirement for user approval before any schema modifications are proposed.
Audit Metadata