Skills
skills/xu-xiang/everything-claude-code-zh/clickhouse-io/Gen Agent Trust Hub

clickhouse-io

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection via insecure database operations.
  • Ingestion points: Data enters through the bulkInsertTrades function (Trade objects) and the PostgreSQL notification handler (pgClient.on) in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or instructions to treat ingested data as untrusted.
  • Capability inventory: The skill performs database writes and queries using the clickhouse and pg clients.
  • Sanitization: Absent; the code directly interpolates variables (e.g., ${trade.id}) into SQL strings, which is a classic vector for injection if the source data is attacker-controlled.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 12:38 AM