skills/awslabs/mcp/aws dsql/Gen Agent Trust Hub

aws dsql

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is authored by a trusted vendor (awslabs) and its functionality is strictly aligned with legitimate database administration and application development tasks. All external links point to official AWS documentation or samples.
  • [COMMAND_EXECUTION]: The query plan analysis workflow includes a psql fallback that uses shell commands. This represents a potential command execution surface; however, the skill mitigates this by requiring the use of the dsql_lint tool and safe_query.build() logic to ensure that SQL inputs are validated and safely constructed before execution.
  • [PROMPT_INJECTION]: The skill handles externally-sourced SQL from migrations or user inputs, which creates an indirect prompt injection surface. This is addressed by enforced validation workflows (Workflow 7 and 8) and the requirement to use specialized tools (dsql_lint) to sanitize and verify SQL compatibility before any database operations occur.
  • [EXTERNAL_DOWNLOADS]: Includes management scripts capable of loading bulk data from Amazon S3. These operations are standard for database maintenance and are performed within the context of the user's AWS environment, presenting no unexpected security risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 08:50 PM
Security Audit — agent-trust-hub — aws dsql