data-catalog-updater
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to interact with data catalogs and pipelines, which are external sources. Malicious content within these sources could influence the agent's behavior.
  1. Ingestion points: External data pipelines and catalogs.
  2. Boundary markers: Absent.
  3. Capability inventory: Includes 'Bash', 'Write', and 'Edit' tools.
  4. Sanitization: None mentioned.
- Command Execution (HIGH): The skill explicitly requests the 'Bash' tool in the allowed-tools metadata. While no specific malicious commands are present in the manifest, granting shell access to a skill that processes untrusted data pipeline metadata is a high-risk configuration.
Recommendations
- AI detected serious security threats
Audit Metadata