sql-toolkit
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell commands for managing databases via CLI tools such as psql, sqlite3, and mysql. It also includes a bash migration script (migrate.sh) that executes local SQL files and interacts with the database. These are legitimate tools for the skill's stated purpose of database administration.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the processing of external content.
- Ingestion points: The toolkit includes patterns for importing external CSV data into SQLite and executing SQL migration files from a local directory.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or sanitize embedded instructions within imported data or migration scripts.
- Capability inventory: The skill utilizes powerful database CLI tools and bash scripting capable of modifying schemas, deleting data, and executing arbitrary SQL.
- Sanitization: While the skill mentions using parameterized queries in application code, the provided bash migration script (migrate.sh) interpolates filenames directly into a SQL query string (WHERE version='$version'), which could lead to SQL injection if migration filenames are sourced from an untrusted origin.
Audit Metadata