data-analyst

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/query.sh executes database CLI tools such as sqlite3, psql, and mysql to perform SQL queries. This functionality is central to the skill's purpose as a data analyst tool.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and process external data from files and database results.
      • Ingestion points: scripts/analyze_template.py (via pd.read_csv and pd.read_excel) and scripts/query.sh (via SQL result output).
      • Boundary markers: Absent; there are no specific instructions or delimiters to isolate untrusted data from agent instructions.
      • Capability inventory: Shell execution of database clients in scripts/query.sh and file writing capabilities.
      • Sanitization: Not provided for processed data or generated SQL queries.
  • [SAFE]: The initialization script scripts/data-init.sh creates a local workspace in a non-sensitive user directory and populates it with documentation and code templates, posing no security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 07:29 AM