NYC

dag-graph-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High susceptibility to indirect prompt injection. The skill processes untrusted natural language task descriptions to define execution nodes and tool assignments. Evidence: Ingestion Point (Natural language task descriptions in user requests), Boundary Markers (Absent), Capability Inventory (Controls selection of skillId and mcpTool in generated plans), Sanitization (None). An attacker can craft requests that result in execution graphs performing unauthorized file operations or command execution via downstream schedulers.
  • [COMMAND_EXECUTION] (MEDIUM): While the skill does not execute code directly, its output (the DAG) functions as a high-level instruction set for other tools. The ability to arbitrarily map inputs to tool IDs and configurations based on external data creates a risk surface for executing malicious system-level operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:26 AM