data-pipelines
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The utility script scripts/new_pipeline.py performs filesystem operations using unsanitized user input.
  - Evidence: The function create_pipeline takes a name argument and uses Path(name).mkdir(parents=True) and path.write_text(content) to create a project structure.
  - Risk: Without sanitization, a user could provide a name containing path traversal sequences (e.g., ../../) to write files outside of the intended workspace.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a 'Pipeline Review' mode that analyzes external code, which creates a surface for indirect instructions to influence agent behavior.
  - Ingestion points: The skill accepts code snippets for audit and review via its primary instruction loop in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts within the reviewed code are provided.
  - Capability inventory: The agent can generate executable code, design architectures, and recommend system-level changes based on its analysis.
  - Sanitization: The skill does not include steps to sanitize or escape the content of the pipelines it reviews.
Audit Metadata