data-first
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external databases and APIs that could contain malicious instructions.
  - Ingestion points: Data is retrieved from Supabase via SQL queries and external APIs as specified in Phase 1 and 2.
  - Boundary markers: Includes Phase 1 and Phase 4 human-in-the-loop confirmation steps where the user must approve the data plan and verify the gathered samples.
  - Capability inventory: The skill utilizes tool capabilities for SQL execution (mcp__supabase__execute_sql) and file system writes to the /tmp directory.
  - Sanitization: The skill focuses on data quality and volume checks but does not define explicit sanitization or escaping of data content to prevent prompt injection.
- [COMMAND_EXECUTION]: The skill facilitates the execution of sensitive commands to fulfill its data-gathering purpose.
  - Database Queries: Directs the agent to execute SQL queries against Supabase databases.
  - File Operations: Instructs the agent to write query results to the local file system at /tmp/data-gathering/ for later reference or use by other agents.
Audit Metadata