spice-text-to-sql

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is potentially subject to indirect prompt injection as it processes database metadata and sample data, which are then included in prompts for an LLM.
  • Ingestion points: Data is pulled from information_schema and through table sampling (SKILL.md).
  • Boundary markers: The prompt template uses headers but does not include strong delimiters or instructions to ignore data-embedded commands.
  • Capability inventory: The skill can execute SQL queries and interface with LLM APIs.
  • Sanitization: No specific sanitization of the database-derived content is performed.
  • [COMMAND_EXECUTION]: The skill generates SQL at runtime based on LLM outputs and executes it. This is a standard functional requirement for a text-to-SQL tool but represents an inherent surface for SQL injection if the model is compromised or the database schema is poisoned.
  • Evidence: The workflow and Python examples in SKILL.md demonstrate the generation and immediate execution of SQL queries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 11:47 AM