sqlplan-index-advisor

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected across the analyzed files.
  • [DATA_EXPOSURE]: No sensitive file paths, hardcoded credentials, or network exfiltration patterns were found. The skill operates locally on provided SQL execution plan data.
  • [PROMPT_INJECTION]: The instructions are strictly technical and focused on SQL optimization rules. No attempts to bypass safety filters or override system instructions were identified.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted XML data (.sqlplan files). While the instructions define a strict logic for extracting specific attributes (like costPercent and operator names), there is a theoretical surface for indirect injection if a malicious execution plan contains unexpected instructions in metadata fields. However, the rigid processing rules and lack of high-privilege capabilities mitigate this risk.
  • [COMMAND_EXECUTION]: No shell command execution or dynamic context injection patterns were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 11:12 AM