db-core/custom-adapter
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill implements mutation handlers (onInsert, onUpdate, onDelete) that transmit local record data to a remote endpoint using the fetch API. This functionality is the primary intended purpose of the database adapter and uses configuration for the destination.
- Evidence: Use of fetch() in SKILL.md for POST, PATCH, and DELETE operations to config.endpoint.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external sources, creating a potential surface for indirect prompt injection if the processed data is later used in an agent's context without sanitization.
- Ingestion points: The sync function and loadSubset handler in SKILL.md ingest data from WebSockets and HTTP responses.
- Boundary markers: No delimiters or boundary markers are suggested for the ingested data records.
- Capability inventory: The skill uses fetch() for network communication and write() for local database updates in SKILL.md.
- Sanitization: No sanitization or validation of the ingested data payload is performed before writing to the collection.
Audit Metadata