senior-data-engineer
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The utility scripts/pipeline_orchestrator.py generates executable Python code (including Airflow DAGs and Prefect flows) by directly embedding configuration values, such as pipeline and table names, into code templates using f-strings. This lacks input sanitization or escaping, which allows for arbitrary code injection into the generated output scripts.
- [COMMAND_EXECUTION]: The skill provides numerous templates and utilities that construct shell commands for tools like dbt and Airflow's BashOperator. Since these commands are built from external parameters without validation, they present a risk of command injection during runtime execution.
- [PROMPT_INJECTION]: The skill is designed to process external data sources like CSV, JSON, and database schemas (e.g., in scripts/data_quality_validator.py), making it susceptible to indirect prompt injection. Malicious data within these sources could influence the agent's interpreted results or generated configurations.
  - Ingestion points: scripts/data_quality_validator.py loads external data for profiling and validation; scripts/pipeline_orchestrator.py receives configuration via CLI arguments.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are implemented in the data processing or generation logic.
  - Capability inventory: The skill can generate and compile Python code, execute bash commands, and manage configurations for various data platforms.
  - Sanitization: No evidence of input validation, escaping, or sanitization was found in the generation and processing components.
Audit Metadata