ai-data-engineering
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill implements Retrieval-Augmented Generation (RAG) architecture, which is susceptible to indirect prompt injection if retrieved documents contain malicious instructions.
- Ingestion points: Data enters the system via TextLoader and RecursiveCharacterTextSplitter in basic_rag.py and main.py.
- Boundary markers: The system uses basic string templates (e.g., 'Answer the question based only on the following context: {context}') without advanced delimiters or 'ignore instructions' warnings.
- Capability inventory: The skill possesses LLM generation capabilities via ChatOpenAI.
- Sanitization: There is no evidence of sanitization or filtering of retrieved content before it is processed by the model.
- Command Execution (LOW): setup_features.py utilizes os.system() to initialize a Feast repository and apply feature definitions. While functional for setup, direct command execution should be handled with caution.
- Dynamic Execution (LOW): setup_features.py programmatically generates a features.py configuration file from a hardcoded string template and then executes it using Feast's CLI. This is a low-risk pattern as the code content is static and not sourced from external input.
Audit Metadata