waterfall-enrichment
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions include the command
curl -s "https://code.deepline.com/api/v2/cli/install" | bash. This pattern is highly insecure as it executes arbitrary remote code with local shell privileges without verification. - [COMMAND_EXECUTION]: The skill executes local commands using the
deeplineCLI and runs an embedded Python script viapython3 -cfor data validation, including file reading and processing logic. - [EXTERNAL_DOWNLOADS]: The skill fetches content from and interacts with APIs hosted at
code.deepline.com. - [DATA_EXFILTRATION]: The
deepline auth registercommand indicates that the skill facilitates the handling and external transmission of authentication credentials to the vendor's servers. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it uses template interpolation (e.g.,
{{First Name}},{{Company}}) to insert raw CSV data into CLI command arguments. This allows malicious strings in the input data to manipulate the generated command.- Ingestion points: External CSV files like
leads.csv. - Boundary markers: None; data is directly inserted into JSON-like strings in the command line.
- Capability inventory: Execution of the
deeplineCLI, file modification via the--in-placeflag, and network access for data enrichment. - Sanitization: None detected; the skill relies on the raw values provided in the CSV columns.
- Ingestion points: External CSV files like
Recommendations
- HIGH: Downloads and executes remote code from: https://code.deepline.com/api/v2/cli/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata