pyspark-test-generator

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's code generation logic is susceptible to indirect prompt injection.
  • Ingestion points: The generate_test_suite function in SKILL.md accepts profile_results and table_name as inputs, which are sourced from external data profiling processes.
  • Boundary markers: The skill lacks boundary markers or explicit instructions to the agent to treat input strings as untrusted data during code generation.
  • Capability inventory: The generated code can read any table accessible to the Spark session via spark.table and write files to the local disk via open().write(), which could be abused if malicious code is injected.
  • Sanitization: No sanitization or escaping is performed on the input metadata. Values such as column names and data patterns are placed directly into f-string templates, allowing potential Python code injection if an attacker controls the profiling metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:09 AM