production-postgres
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The provided Python template in templates/connection_pool.py uses f-string interpolation to construct SQL commands, specifically in the _init_connection function: await conn.execute(f"SET statement_timeout = '{config.statement_timeout_ms}'"). While intended for configuration, this pattern creates a SQL injection vulnerability if the configuration object is populated from untrusted user input without strict validation.
- [REMOTE_CODE_EXECUTION]: In templates/connection_pool.py, the check_sqlalchemy_engine_health function uses the __import__ call to dynamically load the sqlalchemy module. Although the module name is hardcoded as a static string, dynamic loading is a pattern often monitored because it can be used to bypass static analysis or facilitate the execution of arbitrary code.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data such as database schemas, migration files, and SQL queries. It lacks boundary markers or explicit instructions (e.g., 'ignore embedded instructions') to mitigate 'Indirect Prompt Injection' (Category 8), where malicious SQL comments or data payloads could attempt to hijack the agent's logic during analysis.
- Ingestion points: Processes SQL files, migration files (Alembic/Django), and database schemas.
- Boundary markers: Absent in instructions.
- Capability inventory: Capability to execute SQL via the op.execute and conn.execute templates.
- Sanitization: No sanitization logic is provided in the Python templates for the configuration inputs.
Audit Metadata