db-investigator
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection through its knowledge management system.
  - Ingestion points: Data ingested from the database via `db_query.py` and `fetch_structure.py` (such as table comments or stored procedure definitions) is stored as domain knowledge in markdown files within the `references/` directory.
  - Boundary markers: The 'Selective Loading Protocol' in `SKILL.md` loads these files into the agent's context without using boundary markers or safety instructions to ignore potentially malicious content embedded in the ingested data.
  - Capability inventory: The skill utilizes several Python scripts for database operations and file management, which could be abused if the agent is manipulated by injected instructions.
  - Sanitization: While SQL commands are validated against a read-only whitelist, the actual content retrieved from the database is not sanitized before being persisted as knowledge.
- [COMMAND_EXECUTION]: Local shell command execution is used for administrative and lifecycle tasks.
  - `scripts/setup.py` uses `subprocess.run` to initialize the knowledge system by calling `decay_engine.py`.
  - `scripts/tests/test_decay_engine.py` uses `subprocess.run` to execute CLI tests for the engine.
  - `scripts/setup.py` creates a behavior-modifying rule file at `.claude/rules/db-investigator-evolution.md` to ensure the agent follows the knowledge capture protocol across sessions.
- [EXTERNAL_DOWNLOADS]: The skill depends on the `pymysql` library for database connectivity. The `scripts/setup.py` script checks for its presence and directs the user to install it from official package registries.