funnel-analysis-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external data sources (SQL, data visualization inputs) and has access to powerful tools including
Bash,Write, andEdit. This creates a critical vulnerability surface where malicious instructions embedded in data files could hijack the agent's high-privilege capabilities. - Ingestion points: Processes data for 'funnel analysis builder' and 'sql queries' mentioned in SKILL.md.
- Boundary markers: None defined in the skill configuration to separate instructions from data.
- Capability inventory: Access to
Bash,Write, andEditallows for system-level changes and arbitrary command execution. - Sanitization: No sanitization or validation logic is defined to prevent embedded instructions from being executed via the Bash tool.
- Command Execution (HIGH): The explicit request for the
Bashtool enables the execution of any shell command. Without strict constraints or a trusted author, this capability can be abused to perform unauthorized actions on the host system if the agent is manipulated by adversarial input.
Recommendations
- AI detected serious security threats
Audit Metadata