standardize-naming-conventions
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests data from external TMDL files, including user-defined descriptions and names, which could contain malicious instructions designed to manipulate the agent's behavior during the auditing or renaming process.
- Ingestion points: TMDL files located in the
.SemanticModel/definition/directory (Phase 1, 4). - Boundary markers: Absent. The instructions do not specify delimiters or warnings for the agent to ignore instructions embedded within the files being audited.
- Capability inventory: File system reads (
ls,rg), interactive user questioning (AskUserQuestion), and file modification (Phase 4 renaming). - Sanitization: No sanitization or validation of the content retrieved from TMDL files is specified before it is used in reports or subsequent shell commands.
- [COMMAND_EXECUTION]: The skill uses shell commands like
rg(ripgrep) with parameters derived directly from the content of TMDL files (e.g., measure and column names). Without proper sanitization, this pattern creates a risk of command injection if a file contains specially crafted names intended to break out of the shell command context.
Audit Metadata