exasol-database
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing the 'exapump' CLI, which involves fetching a shell script from the vendor's official GitHub repository at 'https://raw.githubusercontent.com/exasol-labs/exapump/main/install.sh'.
- [REMOTE_CODE_EXECUTION]: The provided installation command uses a 'curl | sh' pattern to execute a remote script. This is documented as the standard setup procedure for the vendor's database tool.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'exapump' CLI to perform database operations, including 'exapump sql' for query execution, 'exapump upload' for data ingestion, and 'exapump export' for data extraction.
- [DATA_EXFILTRATION]: The skill includes functionality to export database tables and query results to local files or cloud storage (S3, Azure Blob Storage, and Google Cloud Storage). This is a primary feature for managing database data.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, as it processes external CSV and Parquet files and executes SQL queries based on user-supplied input.
  - Ingestion points: 'exapump upload' and 'IMPORT INTO' commands in 'references/import-export.md' and 'references/exapump-reference.md'.
  - Boundary markers: The skill instructs the agent to double-quote object identifiers for SQL safety, but lacks specific delimiters for isolating untrusted data content during ingestion.
  - Capability inventory: The skill can execute SQL queries and perform file system and network operations via the 'exapump' CLI.
  - Sanitization: Instructions are provided to double-quote object identifiers to prevent syntax errors and keyword collisions, which provides basic protection for identifier names.
Audit Metadata