Security Audit
Snowflake Automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
Snowflake Automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include Broad SQL Execution Capabilities, Direct Data Exfiltration via SQL SELECT, and Arbitrary SQL Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad SQL Execution Capabilities: The `SNOWFLAKE_EXECUTE_SQL` tool allows the execution of arbitrary SQL statements, including DDL (CREATE, ALTER, DROP), DML (INSERT, UPDATE, DELETE), and SELECT queries. This grants the AI agent extensive control over the connected Snowflake data warehouse, operating with the full permissions of the configured account. While this is the intended functionality for an automation skill, it represents a significant risk if the agent is compromised or manipulated by a malicious prompt, potentially leading to data loss, unauthorized data modification, or exfiltration. Implement strict access controls and least privilege principles for the Snowflake account used by the agent. Consider breaking down `SNOWFLAKE_EXECUTE_SQL` into more granular tools (e.g., `SNOWFLAKE_SELECT_DATA`, `SNOWFLAKE_MODIFY_DATA`, `SNOWFLAKE_MANAGE_SCHEMA`) with separate permissions, or enforce strict guardrails on the LLM's ability to generate DDL/DML statements. Ensure robust input validation and LLM output filtering for the `statement` parameter. | LLM | SKILL.md:68 |
| HIGH | Direct Data Exfiltration via SQL SELECT: The `SNOWFLAKE_EXECUTE_SQL` tool allows the execution of arbitrary `SELECT` statements. This capability, combined with the broad permissions of the connected Snowflake account, creates a direct vector for data exfiltration. A malicious prompt could instruct the AI agent to query sensitive tables and return their contents, potentially exposing confidential information. Implement strict output filtering and data loss prevention (DLP) mechanisms on the AI agent's responses. Restrict the Snowflake account's permissions to only necessary tables and columns. Monitor for unusual query patterns or large data retrievals. | LLM | SKILL.md:68 |
| HIGH | Arbitrary SQL Command Execution: The `SNOWFLAKE_EXECUTE_SQL` tool's `statement` parameter allows the execution of arbitrary SQL commands, including DDL (e.g., `CREATE`, `ALTER`, `DROP`) and DML (e.g., `INSERT`, `UPDATE`, `DELETE`). While the skill documentation advises using `bindings` for user-supplied values to prevent SQL injection, a sophisticated prompt injection attack could bypass this recommendation by directly crafting malicious SQL within the `statement` parameter. This effectively grants command injection capabilities within the Snowflake database context, enabling an attacker to modify or destroy data, or manipulate database schema. Implement robust LLM guardrails to prevent the generation of DDL/DML statements from untrusted user input. Enforce strict allow-lists for SQL commands if possible, or require human approval for sensitive operations. Ensure the underlying Snowflake account adheres to the principle of least privilege. | LLM | SKILL.md:68 |