Database Operations

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only database helper; its database-changing examples are expected for the topic and it does not install or run code.

Safe to install as a database guidance skill. Review generated SQL before applying it to production, especially dynamic SQL functions, audit logs that may copy sensitive fields, destructive migrations, cache invalidation, and scheduled materialized-view refreshes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest description is broad enough to activate this skill for a wide range of ordinary database-related prompts, increasing the chance it is invoked outside its intended scope. Over-broad routing is a security concern because specialized skills can override safer general handling and expose users to risky operational guidance in contexts where it was not explicitly requested.

Vague Triggers

Medium
Confidence: 95%
Finding
Several triggers are generic terms like 'database', 'schema', 'migration', 'SQL', and 'caching', which are common in normal technical conversation and likely to cause accidental invocation. This can create prompt-routing collisions, making the agent apply database-operations behavior when the user's request is broader, unrelated, or security-sensitive in a different way.

VirusTotal

65/65 vendors flagged this skill as clean.
