hologres-slow-query-analysis
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Privilege Escalation via Database Permissions. The instructions in
SKILL.mddirect users to grantSUPERUSERprivileges or add accounts to thepg_read_all_statsgroup. These permissions are required to access system-level logs in thehologres.hg_query_logtable but grant extensive control over the database instance.\n- [COMMAND_EXECUTION]: The skill relies on thehologres-clitool to execute SQL queries and modify database-level GUC parameters (e.g.,hologres sql run,hologres guc set). This provides a path for the agent to execute commands on the underlying database infrastructure.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill analyzes query logs that contain arbitrary SQL strings and error messages provided by database users.\n - Ingestion points: The system table
hologres.hg_query_log(referenced inSKILL.mdandreferences/diagnostic-queries.md) serves as the entry point for untrusted data.\n - Boundary markers: No specific delimiters or instructions are provided to the agent to treat log content as untrusted data.\n
- Capability inventory: The agent has the capability to execute database commands and modify configurations via
hologres-cli.\n - Sanitization: There is no evidence of sanitization or filtering applied to log data before it is presented to or processed by the agent.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
hologres-cliPython package via pip. This is a vendor-provided tool for managing Alibaba Cloud Hologres resources.\n- [DATA_EXFILTRATION]: Workflows inreferences/log-export.mddescribe how to export sensitive slow query logs to external storage services like MaxCompute or OSS. This is a standard administrative task but involves moving sensitive database activity logs.
Audit Metadata