data-contract-enforcer
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The enforce.py script is vulnerable to SQL injection. It directly interpolates table names, column names, and constraint values from the contract YAML file into SQL queries (e.g., f"SELECT COUNT(*) FROM {table} WHERE {n} < {col['min']}"). A malicious contract file could execute arbitrary SQL commands on the target warehouse.
- [CREDENTIALS_UNSAFE]: The skill's documentation and usage examples promote passing full connection strings (DSNs) containing plaintext passwords as command-line arguments (e.g., --dsn 'snowflake://user:pass@account...'). This practice exposes sensitive credentials to other users or processes on the system via process lists or command history.
Audit Metadata