docyrus-dsql-query-design

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the docyrus CLI tool for all primary functions, including session validation (docyrus auth), environment discovery (docyrus apps list), schema inspection (docyrus dsql schema), and query execution (docyrus dsql query).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface because it involves retrieving data from logical data sources and presenting a summary to the user.
  • Ingestion points: Data returned from DSQL queries executed via the query or ask commands (SKILL.md, step 5 and 6).
  • Boundary markers: The agent is instructed to summarize results directly (SKILL.md, step 7) without the use of delimiters or explicit instructions to ignore potentially malicious instructions embedded in the data records.
  • Capability inventory: The agent possesses capabilities to list applications, fetch schemas, and run queries against any data source the authenticated session can access.
  • Sanitization: The skill's architecture utilizes a read-only SQL dialect (DSQL) that strictly limits operations to SELECT statements and rejects DDL or DML, providing structural protection against direct database modification (references/dsql-language-reference.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 10:29 PM
Security Audit — agent-trust-hub — docyrus-dsql-query-design