clickhouse-io
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes data pipeline patterns such as ETL and Change Data Capture (CDC) designed to ingest untrusted data from external sources. * Ingestion points: Data is fetched from PostgreSQL in the
etlPipelinefunction and viapgClientnotifications in the CDC example in SKILL.md. * Boundary markers: No delimiters or instructions to ignore embedded commands are provided in the processing logic. * Capability inventory: The skill utilizesclickhouse.queryandclickhouse.insertto execute database operations. * Sanitization: Examples demonstrate direct string interpolation of variables into SQL queries without escaping or parameterization. - [COMMAND_EXECUTION]: Code templates for bulk data insertion utilize string concatenation to build SQL statements, creating a vulnerability surface. * Evidence: In the
bulkInsertTradesfunction in SKILL.md, trade properties are embedded directly into a SQL string template. This pattern is susceptible to SQL injection if the input data is maliciously crafted.
Audit Metadata