work-management
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture by following best practices for system administration tools.
- Secure Credential Handling: Database connection details and credentials are managed through environment variables (`${DB2i_HOST}`, `${DB2i_USER}`, `${DB2i_PASS}`) in the `tools/work-management.yaml` configuration, ensuring that sensitive information is not hardcoded within the skill files.
- SQL Injection Mitigation: All tool definitions in `tools/work-management.yaml` utilize parameter markers (e.g., `:subsystem`, `:user_name`, `:limit`) for SQL execution. This indicates the use of prepared statements or parameter binding by the underlying CLI tool, which effectively prevents SQL injection attacks.
- Adherence to Least Privilege: The defined tools are explicitly marked as read-only (`readOnly: true`), aligning with their purpose of monitoring and analysis. The SQL queries target system-provided metadata and performance views (`QSYS2`, `SYSTOOLS`) which are standard for this domain.
- Reliable References: The skill includes extensive documentation and references to official IBM support pages and established system experts, providing a transparent and verifiable foundation for its operations.
Audit Metadata