data-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): SQL Injection Vulnerability. Code examples in EXAMPLES.md (daily_etl) and REFERENCE.md (extract_and_load) use f-strings to construct SQL queries (e.g., f"SELECT ... FROM {table_name}" and f"WHERE run_id = '{run_id}'"). This pattern is highly susceptible to SQL injection, allowing an attacker to execute arbitrary database commands if these variables are influenced by untrusted data.
- [PROMPT_INJECTION] (HIGH): High Indirect Prompt Injection surface (Category 8). Evidence:
  - Ingestion points: The skill reads data from PostgreSQL (PostgresHook), Snowflake (SnowflakeHook), Kafka topics (KafkaConsumer), and external APIs (extract_from_api).
  - Boundary markers: No delimiters or instruction-guarding warnings are used when processing this external content.
  - Capability inventory: The skill can execute raw SQL, modify database state (MERGE, DELETE, INSERT), and perform network operations via Kafka and Snowflake hooks.
  - Sanitization: Data is directly interpolated into execution strings without validation, escaping, or schema enforcement.
Recommendations
- AI detected serious security threats
Audit Metadata