query
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary Python code through the `ep execute` command and `execute_python` tool. This allows for complex data processing, local file system interaction within the `/workspace/` directory, and network requests.
- [DATA_EXFILTRATION]: The `storage.upload()` function in the `ethpandaops` library allows users to upload files from the local environment to a remote storage service, returning a public URL. While intended for sharing metrics and visualizations, it could be used to exfiltrate sensitive data or system information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external sources such as blockchain events (ClickHouse), infrastructure logs (Loki), and explorer APIs (Dora). Maliciously crafted data in these streams could attempt to manipulate the agent's behavior.
  - Ingestion points: Data is retrieved from external systems via `clickhouse.query`, `prometheus.query`, `loki.query`, and various `dora` API calls.
  - Boundary markers: The documentation does not specify the use of delimiters or explicit instructions to the agent to ignore instructions embedded within the fetched data.
  - Capability inventory: The skill provides access to a full Python execution environment, file system persistence in `/workspace/`, and network upload capabilities.
  - Sanitization: There is no mention of sanitization or filtering of the content retrieved from external datasources before it is processed by the agent.
Audit Metadata