universal-db-mcp-connector

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the universal-db-mcp package from the npm registry and provides instructions to clone source code from an external GitHub repository (github.com/Anarkh-Lee/universal-db-mcp.git).
  • [CREDENTIALS_UNSAFE]: Security-sensitive credentials like database passwords and API keys are passed via command-line arguments in the configuration examples. Most notably, the legacy SSE (Server-Sent Events) connection example demonstrates passing the database password in a URL query string, which can lead to exposure in server logs and browser history.
  • [COMMAND_EXECUTION]: The documentation instructs users to execute several shell commands, including global npm installations, repository cloning, and manual connection testing via CLI tools.
  • [PROMPT_INJECTION]: The skill serves as a gateway to 17+ types of databases, creating a surface for indirect prompt injection where malicious data in a database could influence agent behavior.
      • Ingestion points: Data returned from the execute_query, get_sample_data, and get_table_info tools.
      • Boundary markers: None provided in the skill instructions to separate database content from agent logic.
      • Capability inventory: Includes arbitrary query execution (write access possible if --readonly is omitted) and dynamic outbound connections via connect_database.
      • Sanitization: Features an optional --mask-sensitive-data flag for PII, but does not include sanitization for embedded instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 17, 2026, 03:26 PM