alibabacloud-adb-smart-analyst

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references an installation script for the 'uv' package manager from 'https://astral.sh/uv/install.sh'. Astral is a well-known provider of high-performance developer tools, and this is the official installation method for the utility.
  • [COMMAND_EXECUTION]: The skill uses 'uv run' to execute its internal Python scripts ('scripts/adb_smart_analyst.py'). This is the intended and standard mechanism for the skill's operation in a developer environment.
  • [PROMPT_INJECTION]: As a text-to-SQL tool, the skill provides a surface for indirect prompt injection. It retrieves semantic definitions and database metadata to construct SQL queries. While malicious content in the database's metadata could influence SQL generation, this risk is inherent to the primary analytical function of the tool.
  • [SAFE]: Database credentials are managed via environment variables that are only effective in the current shell session. This adheres to security best practices by avoiding hardcoded secrets and ensuring credentials are not persisted to disk or committed to version control.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:22 PM
Security Audit — agent-trust-hub — alibabacloud-adb-smart-analyst