datahub-lineage

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the datahub CLI to execute search and lineage queries. It includes a critical security instruction for the agent to "Reject shell metacharacters in search queries and URNs before passing to CLI," which proactively mitigates command injection risks from user-provided inputs.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it retrieves and processes metadata—such as entity names, descriptions, and tags—from an external DataHub server. This metadata is untrusted and could potentially contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: Metadata retrieved via datahub search and datahub lineage commands.
      • Boundary markers: The skill lacks explicit delimiters (e.g., XML tags or unique markers) when processing the returned metadata in the prompt.
      • Capability inventory: System capabilities are constrained to the datahub CLI through the allowed-tools configuration.
      • Sanitization: The skill mandates the sanitization of user-provided entity names and URNs to prevent shell escapes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 09:10 PM