dx-data-navigator
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE; flagged categories: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from an external database.
- Ingestion points: Multiple data fields, including `pull_requests.title`, `jira_issues.summary`, `confluence_pages.title`, and `dx_platform_response_answers.value`, contain text that may be populated by various users across different integrated platforms.
- Boundary markers: The skill instructions do not include markers or warnings to the agent to treat retrieved database content as untrusted or to encapsulate it within delimiters.
- Capability inventory: The agent possesses the capability to execute arbitrary SQL queries using the `mcp__dx-mcp-server__queryData` tool.
- Sanitization: There is no documentation of sanitization or validation logic to filter content retrieved from the database before it is interpolated into the agent's context.
- [DATA_EXFILTRATION]: The skill provides instructions for accessing sensitive Personally Identifiable Information (PII) and internal engineering analytics.
- Evidence: Detailed documentation and SQL examples are provided for querying user names and email addresses from the `dx_users` and `jira_users` tables.
- Context: Although accessing this data is a core function of the skill's intended purpose (engineering analytics), it constitutes a data exposure surface if the agent is manipulated to transmit this data to unauthorized external endpoints.
Audit Metadata