database-documentation

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes database CLI tools (such as psql, mysql, sqlcmd, and sqlite3) and docker exec commands to introspect system catalogs. This behavior is necessary for the skill's primary purpose of providing grounded documentation from the live database 'oracle'.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata from database catalogs and ORM models, creating a potential surface for indirect prompt injection.
      1. Ingestion points: Database comments, ORM entity definitions, migrations, and source code.
      2. Boundary markers: None explicitly defined for the generated documentation output.
      3. Capability inventory: Execution of shell commands and file system writes to the repository.
      4. Sanitization: The skill specifically mandates the redaction of sensitive credentials (e.g., password=***) before they are written to documentation or displayed.
  • [SAFE]: The skill accesses sensitive local files like .env and docker-compose.yml to discover connection parameters, but it includes strong mitigations by requiring redaction and prohibiting the printing of raw credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 29, 2026, 07:42 PM