dagster-pipeline-creator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | COMMAND_EXECUTION | NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill has a high-severity vulnerability surface because it processes untrusted user prompts to generate and validate code while possessing the 'Bash' tool capability.
      • Ingestion points: User requests triggered by phrases like 'Help me with dagster pipeline creator' in SKILL.md.
      • Boundary markers: Absent; no delimiters or 'ignore' instructions are provided to separate user data from agent instructions.
      • Capability inventory: Bash, Write, Edit, Read, Grep.
      • Sanitization: Absent; no logic is defined to validate or sanitize user-provided patterns before they influence tool usage.
  • Command Execution (HIGH): The skill requests the 'Bash' tool in 'allowed-tools'. While no malicious scripts are present in the skill definition itself, the combination of shell access and natural language interpretation of user requests allows for arbitrary command execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:03 AM