feature-store-connector
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process external ML deployment patterns and configurations while holding high-privilege capabilities.
- Ingestion points: External files and user requests regarding feature store patterns and ML configurations.
- Boundary markers: Absent; the skill does not define delimiters to protect against embedded instructions in processed data.
- Capability inventory: The skill requests Bash, Write, and Edit tools, which enable arbitrary command execution and filesystem modification.
- Sanitization: No sanitization or validation mechanisms are described to filter malicious input.
- [Command Execution] (MEDIUM): The skill requests access to the Bash tool. While common in MLOps, this provides a powerful vector for exploitation if the agent is misled by malicious data from an indirect prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata