sap-unused-code
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `SAPQuery` tool with `SAP_ALLOW_FREE_SQL=true` to execute raw SQL queries constructed at runtime. This is necessary for the audit functionality, but it exposes a high-privilege execution path that could be misused if the platform does not enforce strict read-only constraints on the SQL runner.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via user-supplied filters (Package, Namespace, or Object list). These inputs are interpolated directly into SQL `WHERE` clauses (e.g., `p~OBJ_NAME IN ( ... )`) with no instructions for sanitization or parameterized querying, so a filter value that carries SQL syntax becomes part of the executed query.
  - Ingestion points: user-provided filters described in the 'Required: scope and intent' section of `SKILL.md`.
  - Boundary markers: none present to distinguish user data from SQL command structure.
  - Capability inventory: `SAPQuery` executing arbitrary SQL based on user input.
  - Sanitization: no sanitization or validation logic is defined for the interpolated strings.
- [EXTERNAL_DOWNLOADS]: The skill documentation references a public GitHub repository from Amazon Web Services (aws-solutions-library-samples) as a resource for parsing XML files. This is a reference to a well-known source and is documented as a fallback option for the user.
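The filter-to-SQL path flagged above, as an added example that is not the skill's own code: the first builder reproduces the interpolation pattern the audit describes (each value quoted and dropped into the `IN ( ... )` list), the second allow-lists every value against an object-name pattern before it reaches the free-SQL runner, and a final structural check refuses anything that is not a single `SELECT`. The query shape (`TADIR` aliased as `p`), the object-name pattern, the length cap and all function names are assumptions for illustration, not taken from `SKILL.md` or the `SAPQuery` tool.

```python
"""Added example (not the skill's own code): the filter-to-SQL path the audit flags,
shown both as the page describes it (values interpolated verbatim into an IN (...)
list) and with a guard that rejects anything that is not a plausible object name
before the string reaches a free-SQL runner.  Assumptions: the query shape
(TADIR aliased as p), the object-name pattern and all function names are
illustrative, not taken from the skill."""
import re

# Assumption: an ABAP object name is upper-case alphanumerics plus '_', optionally
# prefixed by a '/NAMESPACE/' segment (e.g. /ABC/ZREPORT).  Tighten to the real rules.
OBJECT_NAME_RE = re.compile(r"^(/[A-Z0-9_]{1,10}/)?[A-Z][A-Z0-9_]{0,39}$")

# Coarse keyword guard at the skill layer; it complements, and does not replace,
# read-only enforcement inside the SQL runner itself.
WRITE_OR_DDL_RE = re.compile(
    r"\b(INSERT|UPDATE|DELETE|MODIFY|DROP|ALTER|CREATE|TRUNCATE|EXEC|CALL)\b", re.I
)


class FilterError(ValueError):
    """Raised when a user-supplied filter is rejected."""


def build_where_unsafe(objects):
    """The pattern the audit describes: each value is quoted and dropped straight
    into the IN (...) list, so a value carrying SQL syntax rewrites the clause."""
    quoted = ", ".join(f"'{o}'" for o in objects)
    return f"p~OBJ_NAME IN ( {quoted} )"


def build_where_safe(objects):
    """Allow-list each value against OBJECT_NAME_RE and fail closed on a miss.
    The pattern admits no quote, space, semicolon or comment marker, so surviving
    values cannot change the structure of the clause.  Lower-case input is
    rejected rather than normalised, to keep the check easy to reason about."""
    cleaned = []
    for raw in objects:
        name = raw.strip()
        if not OBJECT_NAME_RE.fullmatch(name):
            raise FilterError(f"rejected object filter: {raw!r}")
        if name not in cleaned:  # drop duplicates, keep order
            cleaned.append(name)
    if not cleaned:
        raise FilterError("object filter is empty")
    return "p~OBJ_NAME IN ( " + ", ".join(f"'{n}'" for n in cleaned) + " )"


def is_read_only(sql):
    """Cheap structural check on the final statement: one SELECT, no statement
    separator, no write or DDL keyword.  False positives are possible (a column
    literally named UPDATE); that is the price of failing closed."""
    text = sql.strip()
    if not re.match(r"SELECT\b", text, re.I):
        return False
    if ";" in text:
        return False
    return WRITE_OR_DDL_RE.search(text) is None


def build_object_query(objects):
    """Compose the statement and refuse to hand it on unless both guards pass."""
    sql = "SELECT p~OBJ_NAME FROM TADIR AS p WHERE " + build_where_safe(objects)
    if not is_read_only(sql):
        raise FilterError("query failed read-only check")
    return sql


if __name__ == "__main__":
    # Constructed inputs: an honest object list and one carrying an injection payload.
    honest = ["ZREPORT", "/ABC/ZTOOL"]
    hostile = ["ZREPORT", "X') OR 1=1 -- "]
    print(build_where_unsafe(hostile))  # clause now ends in 'X') OR 1=1 -- ' )
    print(build_object_query(honest))
    try:
        build_object_query(hostile)
    except FilterError as err:
        print("blocked:", err)
```

The allow-list is the part that matters: once every value is known to match a narrow pattern, quoting it is safe because the pattern contains nothing that can terminate a string literal or open a comment. The `is_read_only` check is a second, coarse line of defence at the skill layer; the platform's SQL runner should still enforce read-only access on its own, since a keyword scan can be both too strict and, for a sufficiently creative statement, too lenient.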
Audit Metadata