Skills
skills/arthur0824hao/skills/skill-system-postgres/Gen Agent Trust Hub

skill-system-postgres

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Python scripts utilize dynamic loading to execute code from filesystem paths computed at runtime:
  • scripts/architecture_graph.py, scripts/projection_engine.py, and scripts/rule_projection.py use importlib.util to load and execute modules (such as tickets.py) from relative paths within the project structure.
  • [COMMAND_EXECUTION]: The skill manifest and documentation describe operations that invoke the psql command-line utility:
  • Entrypoints are defined to run psql for initializing schemas and applying migration files (e.g., init.sql, migrate-v7-behavior-graph.sql).
  • Documentation recommends executing these commands with the high-privilege postgres superuser account.
  • [PROMPT_INJECTION]: The skill processes repository content into documentation, which constitutes an indirect prompt injection surface:
  • Ingestion points: Data is read from files within skills/, note/, review/, spec/, and docs/ directories.
  • Boundary markers: The projection engine uses <!-- GENERATED_START --> and <!-- GENERATED_END --> markers in its generated markdown files.
  • Capability inventory: The skill possesses capabilities for shell command execution (psql) and filesystem write operations.
  • Sanitization: There is no evidence of content sanitization or validation for ingested file data prior to processing or projection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 11, 2026, 12:55 AM