managed-db-services

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill relies on official vendor infrastructure, utilizing the doctl CLI and the authenticated DigitalOcean API (api.digitalocean.com) for all administrative actions.
  • [SAFE]: Sensitive data management adheres to security best practices by leveraging the platform's bindable variable system (e.g., ${db.PASSWORD}, ${db.CA_CERT}) to inject credentials into application environments securely.
  • [SAFE]: Encryption in transit is enforced through documented requirements for SSL/TLS across all database engines (e.g., ssl-mode=REQUIRED for MySQL and rediss:// for Valkey).
  • [SAFE]: Network isolation is maintained through 'Trusted Sources' guidance, which instructs the agent to restrict database access to specific App Platform IDs or VPC CIDRs, reducing the attack surface.
  • [SAFE]: Application integration snippets utilize standard, well-known libraries such as kafkajs and confluent-kafka without any malicious modifications or execution wrappers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 01:56 PM
Security Audit — agent-trust-hub — managed-db-services