greptimedb-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data processing workflow.
- Ingestion points: Phase 2 explicitly asks the agent to ingest sample input data (text, ndjson, or JSON) provided by the user.
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore embedded instructions within the user-provided sample data.
- Capability inventory: The skill utilizes WebFetch for external documentation and the dryrun-pipeline tool (via greptimedb-mcp-server) to execute and verify the generated pipeline configurations.
- Sanitization: Absent. There is no mention of sanitizing, escaping, or validating the user-provided sample data before it is interpolated into the pipeline definition or passed to the dry-run tool.
- [External Downloads] (SAFE): The skill directs the agent to fetch documentation from docs.greptime.com and vector.dev. These are reputable and necessary sources for the skill's stated purpose of pipeline configuration.
- [Dynamic Execution] (LOW): The skill involves generating VRL (Vector Remap Language) scripts based on user requirements. While this is a form of code generation, it is restricted to a domain-specific language for data transformation and is considered low risk in this context.
Audit Metadata