Skills
skills/justinf-cdata/cdata-skills/cdata-driver-cli/Gen Agent Trust Hub

cdata-driver-cli

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation process for the cdatacli tool uses piped shell execution (curl | bash and iwr | iex) to fetch scripts from the vendor's domain cdn.cdata.com.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading driver JAR files from the vendor's artifact catalog or a user-specified URL using the drivers download command.
  • [COMMAND_EXECUTION]: The skill performs shell operations to manage drivers and connections, and uses output redirection to create new agent skill files from driver metadata.
  • [CREDENTIALS_UNSAFE]: The skill handles database connection strings that often contain sensitive credentials like usernames, passwords, and API tokens; these are stored locally in encrypted configuration files.
  • [PROMPT_INJECTION]: The skill defines a workflow for generating secondary skill files from driver metadata, creating a surface for indirect prompt injection.
  • Ingestion point: driver sys_instructions table via the drivers skill command.
  • Boundary markers: None identified in the workflow.
  • Capability inventory: Includes full SQL query execution, connection creation, and driver downloads.
  • Sanitization: None identified during the generation of the secondary skill file.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 09:22 PM
Security Audit — agent-trust-hub — cdata-driver-cli