azuresql-db-from-sql-server

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • External Container Downloads:
  • The skill pulls the Azure SQL Database developer image from "sqldbpreview-dpgaeqhmgphzd4bk.azurecr.io". While this involves downloading external content, the registry is a Microsoft-managed Azure Container Registry used for this preview. This is the intended source for the software.
  • Automated Command Execution:
  • The migration steps involve executing shell commands to manage Docker containers and SQL tools to provision databases. These operations are necessary for the skill's purpose. The use of the "-b" (abort on error) flag in "sqlcmd" is a recommended practice to ensure that configuration errors are properly detected.
  • Repository Data Processing (Indirect Prompt Injection):
  • The skill analyzes local files to detect SQL Server configurations, which introduces a surface for processing untrusted data.
  • Ingestion points: Files are scanned using "grep" as described in "SKILL.md".
  • Boundary markers: No explicit instructions are provided to the agent to ignore embedded commands within the scanned files, though the agent's logic acts as a filter.
  • Capability inventory: The skill uses "docker" and "sqlcmd" (found in "SKILL.md") for container and database management.
  • Sanitization: The results from file scans are processed by the agent to inform migration suggestions, which typically includes a review step by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 04:22 AM
Security Audit — agent-trust-hub — azuresql-db-from-sql-server