database-testing

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.execSync to perform database operations like migrations and schema dumping.
      • Evidence: The getSchemaSnapshot function in SKILL.md interpolates the ${dbUrl} variable directly into a pg_dump command string. If this URL is sourced from untrusted project configuration, it presents a command injection vulnerability.
  • [EXTERNAL_DOWNLOADS]: The skill frequently references npx (e.g., npx prisma migrate), which can result in the dynamic download and execution of packages from the public npm registry at runtime.
  • [PROMPT_INJECTION]: The skill is designed to ingest untrusted data from an external file, creating a surface for indirect prompt injection.
      • Ingestion points: The skill explicitly instructs the agent to check .agents/qa-project-context.md for database and environment configuration in the <objective> section.
      • Boundary markers: Absent. There are no instructions to the agent to treat the contents of the context file as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill has extensive capabilities including shell command execution (execSync) and full database query access via the pg pool.
      • Sanitization: Absent. The provided examples show direct use of configuration data in shell commands and database queries without validation or escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 07:45 AM