Skills
NYC
skills/astronomer/agents/tracing-upstream-lineage/Gen Agent Trust Hub

tracing-upstream-lineage

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it instructs the agent to read and process external DAG source code via the af dags source command.
  • Ingestion points: External Airflow DAG source code files.
  • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded commands within the ingested code.
  • Capability inventory: The skill uses af dags list, af dags source, af tasks list, and af dags stats to inspect the environment.
  • Sanitization: Absent; the content of the DAG files is not sanitized or validated before processing.
  • [Command Execution] (SAFE): The skill employs a specific set of Airflow CLI tools (af) for administrative inspection. No arbitrary or high-risk shell execution patterns or unauthorized command injections were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:47 PM