Skills
skills/astronomer/agents/authoring-dags/Gen Agent Trust Hub

authoring-dags

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes potentially untrusted external data.
  • Ingestion points: The skill reads project files (including DAGs and requirements.txt) and parses output from commands like af dags errors and af tasks logs.
  • Boundary markers: The documentation does not specify the use of delimiters or boundary markers when the agent processes these inputs.
  • Capability inventory: The agent has the ability to execute CLI commands (via the af tool) and write files as part of the implementation and iteration phases.
  • Sanitization: There is no evidence of sanitization or validation of the ingested content before it is incorporated into the agent's context.
  • [COMMAND_EXECUTION]: The skill executes vendor-specific commands via the af CLI tool and includes a benign 'Stop' hook that executes an echo command.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 12:34 PM