sqlplan-compare
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override system instructions, bypass safety filters, or extract system prompts were found. The instructional language is focused entirely on its stated purpose.
- [DATA_EXPOSURE]: The skill does not access sensitive local files (like SSH keys or credentials) or environment variables. It processes user-provided SQL plan data locally within the context of the conversation.
- [REMOTE_CODE_EXECUTION]: There are no commands that download or execute external scripts, nor does the skill use package managers like npm or pip.
- [OBFUSCATION]: The content is written in clear, plain text. No Base64, zero-width characters, or hidden Unicode tags were detected.
- [COMMAND_EXECUTION]: The skill defines logic for text analysis and comparison but does not invoke shell commands or interact with the underlying operating system.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted XML data (SQL plans), it lacks any dangerous capabilities (such as network access or file system modification) that could be exploited via malicious content within those files. The risk is negligible as it only outputs text analysis.
Audit Metadata