recipe-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill utilizes the set_code and with_script methods within references/python-recipe.md to define and execute arbitrary Python logic within the Dataiku platform. This capability allows the agent to generate and run executable code dynamically based on its objectives.
- [DYNAMIC_EXECUTION]: The skill uses the CreateColumnWithGREL and FilterOnFormula processors, as shown in references/processors.md and references/grel-functions.md, which interpret and execute GREL (General Refine Expression Language) expressions at runtime for data manipulation.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from external sources (e.g., builder.with_input in SKILL.md and references/prepare-recipe.md) without explicit sanitization. If input datasets contain malicious strings, they could potentially manipulate the logic of transformations or scripts generated by the agent.
- Ingestion points: Data is ingested from datasets specified in with_input calls across various reference files (e.g., references/join-recipe.md, references/prepare-recipe.md).
- Boundary markers: No boundary markers or 'ignore' instructions are present to prevent the agent from following instructions embedded within the data it processes.
- Capability inventory: The skill can execute scripts (recipe.run), write data to storage (write_with_schema), and modify project settings (settings.save).
- Sanitization: There is no evidence of input validation or content filtering for the data being processed through recipes.
Audit Metadata