hologres-instance-health-analyse

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install 'hologres-cli' via 'pip'. This is the official command-line interface for Alibaba Cloud Hologres, which is consistent with the skill author's identity ('aliyun').
  • [COMMAND_EXECUTION]: The skill utilizes 'hologres-cli' to execute database diagnostics. This includes environment configuration ('hologres config'), status verification ('hologres status'), and SQL execution ('hologres sql run'). These commands are restricted to the database management scope and are necessary for the skill's stated purpose of instance health analysis.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by processing content from database logs ('hologres.hg_query_log') to provide diagnostic reports.
  • Ingestion points: Data is ingested from the 'message' and 'query' columns of the 'hologres.hg_query_log' table via SQL queries.
  • Boundary markers: No explicit instructions are provided to the model to ignore potential instructions embedded within these log messages.
  • Capability inventory: The skill has the capability to execute further SQL commands using 'hologres-cli'.
  • Sanitization: The skill applies basic sanitization by replacing newline characters and truncating error messages to 200 characters ('char(200)'), which reduces the potential for large malicious payloads to influence the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:38 AM
Security Audit — agent-trust-hub — hologres-instance-health-analyse