sqltrace-review
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because its core function involves processing and analyzing external, potentially untrusted diagnostic data.
- Ingestion points: The skill ingests raw SQL trace and Extended Events data pasted by users or referenced via file paths (documented in SKILL.md).
- Boundary markers: The instructions do not specify the use of clear delimiters (like XML tags or triple backticks) when the agent processes the external content, which could allow embedded instructions to leak into the agent's context.
- Capability inventory: The skill is restricted to read-only analysis and lacks dangerous capabilities; there are no subprocess calls, network requests, or file-write operations across any scripts.
- Sanitization: The skill includes a 'Query normalization' step in SKILL.md that replaces literal values with placeholders. This serves as a structural sanitization measure that significantly reduces the risk of successful injection from the processed data.
Audit Metadata