010118-repository-factories
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The
createSysRepofactory inreferences/admin-sys-factory.mddemonstrates an insecure data handling pattern that creates a vulnerability surface for indirect injection or SQL injection. - Ingestion points: The
fkChecksparameter in thecreateSysRepofunction, specifically thetableandcolumnproperties within the objects of that array. - Boundary markers: None. The values are directly interpolated into a raw SQL string.
- Capability inventory: The function performs database operations using
db.execute(sql...)anddb.delete(table). - Sanitization: The implementation uses
sql.raw()for both the table name and the column name, which bypasses Drizzle ORM's built-in parameterization and protection against SQL injection.
Audit Metadata