data-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
version_datafunction inSKILL.mdusessubprocess.runto calldvcandgit. This allows the agent to interact with the host filesystem and version control systems.\n- [PROMPT_INJECTION]: The skill ingests data from external sources usingrequests.getandpd.read_sqlinSKILL.md, creating an indirect prompt injection surface. 1. Ingestion points: API responses and SQL database results. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution (subprocess.run), network requests (requests.get), and database interaction (pd.read_sql). 4. Sanitization: None identified.
Audit Metadata