database-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill's configuration creates a high-risk surface for Indirect Prompt Injection because it combines data ingestion with file-modification capabilities.
  - Ingestion points: The frontmatter enables Read, Glob, and Grep tools, which are used to ingest content from the user's workspace files such as the referenced database selection or schema design documents.
  - Boundary markers: The instructions do not define any delimiters or provide a security context to help the agent distinguish between its own system-level instructions and untrusted data contained in the files it reads.
  - Capability inventory: The frontmatter enables Write and Edit tools, allowing the agent to perform side effects on the filesystem, which could be leveraged by an attacker to overwrite sensitive code.
  - Sanitization: The skill does not perform any validation, sanitization, or filtering of the content retrieved from external files before the agent processes it.
Recommendations
- AI detected serious security threats
Audit Metadata