databases
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The documentation explicitly includes instructions for executing shell commands with administrative privileges using sudo (e.g., sudo apt-get install, sudo systemctl start). This enables potential privilege escalation if the agent executes these instructions without human oversight.
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8) due to the handling of untrusted database content in combination with powerful management scripts.
  - Ingestion points: Query results from MongoDB (db.users.find) and PostgreSQL (SELECT * FROM users) as documented in the Quick Start and Common Operations sections.
  - Boundary markers: Absent; there are no instructions provided to delimit external data or ignore instructions contained within it.
  - Capability inventory: The skill includes scripts for database migration (db_migrate.py), backup (db_backup.py), and performance checks, which involve file system access, schema modification, and potential command execution.
  - Sanitization: Absent; no sanitization, validation, or escaping of retrieved data is mentioned in the documentation.
Recommendations
- AI detected serious security threats
Audit Metadata