testing-dags
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
afcommands via theuvxrunner to perform Airflow operations such as triggering DAGs and retrieving logs. - [EXTERNAL_DOWNLOADS]: The skill fetches the
astro-airflow-mcppackage from the vendor's repository at runtime. This is a trusted resource owned by the author 'astronomer'. - [REMOTE_CODE_EXECUTION]: The agent uses
uvxto download and run the vendor-provided CLI tool. This is standard behavior for this vendor's management tools. - [CREDENTIALS_UNSAFE]: The skill enables the agent to view Airflow connection details and variables through
af config connectionsandaf config variables. This is necessary for identifying configuration-related failures in the DAG environment. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the ingestion of external task logs and diagnostics.
- Ingestion points: Data enters the context via
af tasks logsandaf runs diagnosecommands. - Boundary markers: No specific delimiters are defined to separate log content from agent instructions.
- Capability inventory: The agent maintains shell command capabilities via
uvxthroughout the workflow. - Sanitization: External log data is not sanitized before being processed by the agent.
Audit Metadata