ai-pipeline-orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'prefect' and 'prefect-kubernetes' packages from PyPI and downloads model weights for 'sentence-transformers' from HuggingFace. These references target well-known and trusted technology services.
- [PROMPT_INJECTION]: The skill implements workflows that ingest data from external sources, which creates a surface for indirect prompt injection where untrusted content could influence downstream LLM tasks.
  - Ingestion points: The 'fetch_documents' task in SKILL.md retrieves data from source URLs, and 'batch_inference_flow' processes data from local input files.
  - Boundary markers: The provided code examples lack explicit boundary markers or 'ignore' instructions to separate ingested data from the system's operational logic.
  - Capability inventory: The skill's logic includes interacting with the OpenAI API for chat completions and deploying containerized workloads via the KubernetesPodOperator.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content fetched from external sources before it is passed to embedding or inference tasks.
Audit Metadata