generate-cds-analytical-query
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a standard SAP development workflow for creating analytical projections on existing cubes. It follows best practices by mandating the '@AccessControl.authorizationCheck: #NOT_ALLOWED' annotation, which ensures that security is correctly delegated to the underlying data source.
- [COMMAND_EXECUTION]: The skill executes a read-only SQL query via the 'SAPQuery' tool to verify the SAP_BASIS version in the 'cvers' system table. This is a technical requirement for ensuring syntax compatibility with the 'provider contract' feature.
- [PROMPT_INJECTION]: The skill was evaluated for indirect prompt injection vulnerabilities due to its ingestion of user-supplied cube descriptions and names. This risk is effectively mitigated by the 'Show the plan' phase in Step 4, which establishes a human-in-the-loop requirement to review all generated DDL source code before it is written to the system.
Audit Metadata