juicebox-data-handling
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE (flagged: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill implements services for processing data subject requests that ingest untrusted external data such as email addresses and profile correction fields, creating an indirect prompt injection surface.
  - Ingestion points: DataRightsService and DataClassificationSystem in SKILL.md.
  - Boundary markers: No delimiters or ignore instructions are present to separate instructions from data.
  - Capability inventory: The skill metadata requests Bash(kubectl:*) and Bash(curl:*) tool access.
  - Sanitization: No explicit validation or escaping of the user-provided corrections is identified in the provided code snippets.
- [COMMAND_EXECUTION]: The skill requests expansive shell access through the kubectl and curl tools. While these are relevant to managing data infrastructure in an enterprise context, the use of wildcards provides the agent with unrestricted cluster administrative and network capabilities.
Audit Metadata