sql-query-generation
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill transforms user-supplied natural language into SQL without validation, allowing for potential generation of malicious database commands.
- [COMMAND_EXECUTION]: The instructions require the agent to execute EXPLAIN ANALYZE on generated queries, leading to the execution of code on the database system based on user input.
- [DATA_EXFILTRATION]: Malicious SQL could be used to retrieve sensitive data from tables not intended for access.
- [PROMPT_INJECTION]: (Indirect Prompt Injection Surface)
- Ingestion points: Natural language requests (SKILL.md)
- Boundary markers: None
- Capability inventory: SQL generation and EXPLAIN ANALYZE execution (SKILL.md)
- Sanitization: None.
Audit Metadata