aurora dsql
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands for connectivity and infrastructure management. Evidence: The psql fallback workflow in
SKILL.mdusesaws dsql generate-db-connect-admin-auth-tokenandpsqlto execute plans. Evidence:SKILL.mdidentifies management scripts in thescripts/directory for cluster lifecycle and bulk data operations. - [PROMPT_INJECTION]: The skill processes externally-sourced SQL data, creating an indirect prompt injection surface. This is mitigated by structured workflows and validation tools. Ingestion points: User-provided queries and external SQL source files (migrations, pg_dump). Boundary markers: Instructions mandate
dsql_lintvalidation andsafe_query.build()interpolation. Capability inventory: Database DDL/DML execution via MCP tools and shell execution via scripts. Sanitization: Use ofdsql_lintfor compatibility checking andsafe_query.pyfor input validation and escaping. - [EXTERNAL_DOWNLOADS]: The skill references official documentation and code samples from trusted AWS domains. Evidence: Links to
docs.aws.amazon.comand official sample repositories atgithub.com/aws-samples/aurora-dsql-samples.
Audit Metadata