010118-repository-factories

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The createSysRepo factory in references/admin-sys-factory.md demonstrates an insecure data handling pattern that creates a vulnerability surface for indirect injection or SQL injection.
  • Ingestion points: The fkChecks parameter in the createSysRepo function, specifically the table and column properties within the objects of that array.
  • Boundary markers: None. The values are directly interpolated into a raw SQL string.
  • Capability inventory: The function performs database operations using db.execute(sql...) and db.delete(table).
  • Sanitization: The implementation uses sql.raw() for both the table name and the column name, which bypasses Drizzle ORM's built-in parameterization and protection against SQL injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 12:19 PM
Security Audit — agent-trust-hub — 010118-repository-factories