datahub-search

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes metadata (such as entity descriptions and column names) fetched from an external DataHub instance to synthesize answers for the user. Maliciously crafted metadata could attempt to influence the agent's behavior.
      • Ingestion points: Metadata results from datahub search and datahub get commands (SKILL.md).
      • Boundary markers: Not utilized. The skill does not explicitly instruct the agent to treat retrieved metadata as untrusted data using delimiters or specific 'ignore' instructions.
      • Capability inventory: The agent is authorized to execute datahub CLI commands through the Bash tool.
      • Sanitization: Not applied to retrieved metadata. While the skill includes a 'Red Flags' section that validates user-supplied query strings for shell metacharacters, there is no corresponding sanitization for the data returned by the DataHub server before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 09:10 PM