Security Audit

pskoett/pskoett-ai-skills:skills/dx-data-navigator

github.com/pskoett/pskoett-ai-skills

AI SkillCommit 3b2f47ccd231

CAUTION

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

pskoett/pskoett-ai-skills:skills/dx-data-navigator received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Direct SQL execution via tool parameter enables SQL Injection, Explicit encouragement of database schema and sensitive data discovery.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on March 3, 2026 (commit 3b2f47cc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

2 findings

Excessive Permissions

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Direct SQL execution via tool parameter enables SQL Injection The skill exposes a tool `mcp__dx-mcp-server__queryData` that accepts an arbitrary `sql` string as a parameter. This design allows the LLM to construct and execute any SQL query based on user prompts. If the underlying database connection has write/delete permissions, this could lead to critical SQL injection vulnerabilities, enabling data modification, deletion, or even database schema manipulation. Even if restricted to read-only, it allows broad and potentially unauthorized data exfiltration from any accessible table. Implement strict sanitization and validation of the `sql` parameter. Ideally, replace direct SQL execution with a more constrained interface (e.g., specific functions for specific data retrieval, parameterized queries, or an allow-list of permitted SQL commands/patterns). Ensure the database user account used by the tool has the principle of least privilege applied (e.g., read-only access to only necessary tables and columns).	LLM	SKILL.md:10
HIGH	Explicit encouragement of database schema and sensitive data discovery The skill explicitly instructs the LLM to query `information_schema.columns` for schema discovery and provides numerous examples for querying various tables (`dx_users`, `github_users`, `confluence_users`, `pull_requests`, `incidents`, etc.). These tables may contain sensitive user data (e.g., names, emails, AI adoption dates), performance metrics, or internal project details. While intended for legitimate data retrieval, this broad access via direct SQL queries presents a significant data exfiltration risk if the LLM is prompted to retrieve unauthorized or sensitive information. Restrict the database user's permissions to only necessary tables and columns, especially for `information_schema` access. Implement data masking or redaction for sensitive fields. Monitor queries for unusual patterns (e.g., `information_schema` queries outside of initial schema discovery phase or queries for highly sensitive tables/columns).	LLM	SKILL.md:15

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/89f6f8094faaeca1.svg)](https://skillshield.io/report/89f6f8094faaeca1)