data-orchestration-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides patterns for executing arbitrary shell commands via Airflow's BashOperator (e.g., in airflow-patterns.md) and Dagster's dbt.cli (e.g., in dagster-integrations.md). These are core capabilities that could be exploited if downstream logic is influenced by untrusted external data.
- [INDIRECT_PROMPT_INJECTION] (HIGH): (Capability Tier) The skill implements data ingestion surfaces via S3 sensors, local directory sensors, and database queries (Snowflake). These inputs are used to define task parameters and configuration. There are no explicit boundary markers or sanitization logic shown in the templates for processing these external inputs before they reach high-privilege sinks like shell execution or database writes.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Documentation in dagster-integrations.md and airflow-patterns.md encourages the installation of various third-party packages via pip install. While these are standard data engineering tools, they represent unverifiable external dependencies at runtime.
- [CREDENTIALS_SAFE] (INFO): The skill demonstrates safe credential handling by using environment variables (os.environ, EnvVar), secret managers (AWS Secrets Manager), and dbt profiles with environment variable interpolation. No hardcoded secrets were detected in the reference files.
Recommendations
- AI detected serious security threats
Audit Metadata