senior-data-scientist
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process external data and configurations which may originate from untrusted sources.
- Ingestion points: Reads from the
data/directory andconfig.yamlfile via script arguments. - Boundary markers: None identified in the provided file to separate instructions from data.
- Capability inventory: Executes arbitrary Python scripts (
python3), builds Docker images (docker build), and manages infrastructure (kubectl apply,helm upgrade). - Sanitization: No validation or sanitization of input data or configuration values is documented.
- [Command Execution] (HIGH): Provides tools that execute system-level commands for model deployment and infrastructure management, creating a high-impact outcome if the agent is manipulated via injection.
- [Unverifiable Dependencies] (LOW): References a large tech stack (PyTorch, TensorFlow, LangChain, etc.). While installation commands are not in this file, the runtime environment likely relies on these external packages.
Recommendations
- AI detected serious security threats
Audit Metadata