flow-management
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted project metadata.
- Ingestion points: The skill ingests untrusted data from the Dataiku environment via
project.list_datasets()andproject.list_recipes()inSKILL.mdandreferences/build-strategies.md. - Boundary markers: There are no boundary markers or explicit instructions to ignore embedded commands within the names of datasets or recipes.
- Capability inventory: The skill possesses significant capabilities, including triggering project jobs and builds via
recipe.run(),job.start(), andjob.start_and_wait(). - Sanitization: No sanitization or validation is applied to object names retrieved from the API before they are processed or potentially interpolated into prompts.
- [COMMAND_EXECUTION]: The skill uses the Dataiku Python API to trigger execution of recipes and jobs (
recipe.run(),project.new_job().start()). While these are standard for flow orchestration, they represent the primary execution capabilities available to an agent utilizing this skill.
Audit Metadata