Gen Agent Trust Hub audit: skills/jeremylongshore/claude-code-plugins-plus-skills/building-automl-pipelines
building-automl-pipelines
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external training datasets without explicit security boundaries.
  - Ingestion points: Training data loaded via the Read tool from external CSV, Parquet, or database sources, as instructed in SKILL.md and references/implementation.md.
  - Boundary markers: Absent; there are no instructions for the agent to ignore or delimit potentially malicious commands embedded within training datasets.
  - Capability inventory: Capabilities include Bash(python:*), Write, and Edit, as well as file system operations (shutil.copy2) within scripts/pipeline_deployment.py.
  - Sanitization: No explicit sanitization or validation logic is provided to filter instructions from ingested data.
- [COMMAND_EXECUTION]: The skill includes a Python script that performs file system tasks.
  - Evidence: The scripts/pipeline_deployment.py utility uses the shutil and os libraries to create directories and copy files from a source to a target.
- [DATA_EXFILTRATION]: The deployment utility could be misused to transfer sensitive data if the agent is manipulated.
  - Evidence: The scripts/pipeline_deployment.py script accepts arbitrary source and target paths as command-line arguments. Without path restrictions, it could be used to copy sensitive configuration or credential files into user-accessible locations.
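The data-exfiltration finding turns on scripts/pipeline_deployment.py accepting unrestricted source and target paths. The following Python is an added illustration written for this page; it is not the audited skill's code and nothing in it is taken from the repository. It shows the check such a copy utility could apply before calling shutil.copy2: resolve both arguments (which follows symlinks and collapses ".." segments), confine each one to an allowed root, and refuse secret-like sources even inside the root. The root directories, the denied prefixes and names, and the scratch tree built by demo() are all assumptions made for the example.

```python
"""Path-confined copy helper for a pipeline deployment script.

Added example, not the audited skill's own code. Assumes a hypothetical
layout with an allowed source root (build output) and an allowed target
root (deployment directory) fixed by the operator, not by the caller.
"""
from __future__ import annotations

import os
import shutil
import tempfile
from pathlib import Path

# Assumed secret locations and filenames a deployment copy must never read,
# even if an operator misconfigures the source root too broadly.
DENIED_SOURCE_PREFIXES = (Path("/etc"), Path("/root"), Path("/proc"), Path("/var/run/secrets"))
DENIED_SOURCE_NAMES = {".env", "credentials", "id_rsa", ".aws", ".ssh"}


class PathPolicyError(ValueError):
    """Raised when a requested path falls outside the deployment policy."""


def confine(path: str, root: Path) -> Path:
    """Resolve `path` (symlinks and '..' included) and require it to lie under `root`.

    A request such as 'models/../../etc/passwd', an absolute path, or a symlink
    inside the root that points outside it all resolve to a location that fails
    relative_to(root), so one check covers all three escape routes.
    """
    root = root.resolve()
    resolved = Path(path).resolve() if os.path.isabs(path) else (root / path).resolve()
    try:
        resolved.relative_to(root)
    except ValueError:
        raise PathPolicyError(f"{path!r} resolves to {resolved}, outside {root}") from None
    return resolved


def check_source_allowed(src: Path) -> None:
    """Defence in depth: reject well-known secret locations and filenames."""
    if any(src.is_relative_to(p) for p in DENIED_SOURCE_PREFIXES):
        raise PathPolicyError(f"refusing to read from {src}")
    if any(part in DENIED_SOURCE_NAMES for part in src.parts):
        raise PathPolicyError(f"refusing to copy secret-like path {src}")


def deploy_copy(src_arg: str, dst_arg: str, src_root: Path, dst_root: Path) -> Path:
    """Copy one regular file from src_root to dst_root under the policy; return the destination."""
    src = confine(src_arg, src_root)
    dst = confine(dst_arg, dst_root)
    check_source_allowed(src)
    if not src.is_file():
        raise PathPolicyError(f"source {src} is not a regular file")
    dst.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(src, dst)
    return dst


def demo() -> dict[str, bool]:
    """Exercise the policy in a scratch tree constructed here (no real data).

    Returns True per case when the policy behaved as intended: the legitimate
    copy succeeds and each escape attempt raises PathPolicyError.
    """
    results: dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        tmp = Path(tmpdir)
        build, deploy, secrets = tmp / "build", tmp / "deploy", tmp / "secrets"
        for d in (build, deploy, secrets):
            d.mkdir()
        (build / "model.pkl").write_bytes(b"constructed model bytes")
        (secrets / "credentials").write_text("constructed placeholder, not a real secret")
        (build / "link").symlink_to(secrets / "credentials")  # symlink escape attempt

        out = deploy_copy("model.pkl", "prod/model.pkl", build, deploy)
        results["legit_copy"] = out.read_bytes() == b"constructed model bytes"

        attempts = {
            "traversal": ("../secrets/credentials", "x"),
            "absolute": (str(secrets / "credentials"), "x"),
            "symlink": ("link", "x"),
            "target_escape": ("model.pkl", "../build/model.pkl"),
        }
        for name, (s, d) in attempts.items():
            try:
                deploy_copy(s, d, build, deploy)
                results[name] = False
            except PathPolicyError:
                results[name] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The roots are parameters of deploy_copy rather than command-line arguments on purpose: if the agent can supply both the paths and the roots, the confinement is only as strong as the prompt that chose them. This check addresses the path-restriction gap only; the absent boundary markers and sanitization noted under PROMPT_INJECTION are a separate control at the data-ingestion step.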
Audit Metadata