triaging-live-sql-activity
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it processes and displays live SQL activity from CockroachDB cluster views. Instructions embedded within user-authored SQL queries could potentially influence the agent when it triages long-running work.
  - Ingestion points: Results from diagnostic queries such as `SHOW CLUSTER STATEMENTS` and `SHOW CLUSTER SESSIONS` referenced in `SKILL.md` and `references/sql-queries.md`.
  - Boundary markers: There are no explicit delimiters or instructions to the agent to treat the retrieved SQL query text as untrusted data.
  - Capability inventory: The skill provides the agent with the ability to perform administrative database operations, specifically `CANCEL QUERY` and `CANCEL SESSION`.
  - Sanitization: The skill employs a `substring()` filter in its SQL templates to truncate query text to 200 characters, which limits the available payload size for any potential injection.
Audit Metadata