Postgres MCP Pro
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides clear instructions for installing and configuring a legitimate PostgreSQL Model Context Protocol (MCP) server. The installation paths using Docker and pipx target official repositories associated with the tool's developer (crystaldba).
- [DATA_EXPOSURE]: The skill handles sensitive database connection URIs. It mitigates risk by documenting explicit access modes (read-only, restricted, and unrestricted), encouraging users to apply the principle of least privilege when connecting to production databases.
- [INDIRECT_PROMPT_INJECTION]: Because the skill enables the agent to read data from external databases, it creates a surface for indirect prompt injection. If a database table contains instructions formatted for an LLM, the agent might attempt to follow them when processing query results.
  - Ingestion points: SQL query results, EXPLAIN plan analysis output, and schema metadata fetched from the PostgreSQL instance.
  - Boundary markers: None explicitly defined in the skill documentation; users should ensure the agent environment provides delimiters for tool outputs.
  - Capability inventory: Database query execution, index tuning recommendations, and system health monitoring.
  - Sanitization: Relies on the security controls implemented within the postgres-mcp server and the agent's own safety filters.
Audit Metadata