Skills
skills/vanterx/mssql-performance-skills/sqlplan-batch/Gen Agent Trust Hub

sqlplan-batch

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the ability to enumerate files in a local directory and write a markdown summary file (batch-analysis.md) back to that directory. This is consistent with its stated purpose of batch triage.
  • [DATA_EXFILTRATION]: While the skill reads SQL query text from .sqlplan files, it lacks any network-capable commands or logic to send this data to an external server. Data remains local to the user's environment.
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of .sqlplan files. It extracts query text and attributes from these XML files. This creates a surface for indirect prompt injection where malicious content within a plan file could attempt to influence the agent's analysis or output. However, the impact is limited by the agent's scoped tool access and the descriptive nature of the task.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 11:13 AM