aws dsql
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by a trusted vendor (awslabs) and its functionality is strictly aligned with legitimate database administration and application development tasks. All external links point to official AWS documentation or samples.
- [COMMAND_EXECUTION]: The query plan analysis workflow includes a psql fallback that uses shell commands. This represents a potential command execution surface; however, the skill mitigates this by requiring the use of the
dsql_linttool andsafe_query.build()logic to ensure that SQL inputs are validated and safely constructed before execution. - [PROMPT_INJECTION]: The skill handles externally-sourced SQL from migrations or user inputs, which creates an indirect prompt injection surface. This is addressed by enforced validation workflows (Workflow 7 and 8) and the requirement to use specialized tools (
dsql_lint) to sanitize and verify SQL compatibility before any database operations occur. - [EXTERNAL_DOWNLOADS]: Includes management scripts capable of loading bulk data from Amazon S3. These operations are standard for database maintenance and are performed within the context of the user's AWS environment, presenting no unexpected security risks.
Audit Metadata