data-engineering-ai-ml
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides standard setup instructions for users to install necessary Python libraries via
pip. - [EXTERNAL_DOWNLOADS]: The skill integrates with well-known and trusted external services and libraries, including OpenAI's embedding and chat completion APIs, and downloads pre-trained models via the
sentence-transformerslibrary. - [PROMPT_INJECTION]: The skill implements Retrieval-Augmented Generation (RAG) and evaluation patterns that are susceptible to indirect prompt injection. This occurs when the agent processes data from external sources that may contain hidden malicious instructions.
- Ingestion points: The skill is designed to ingest and process data from external files (Parquet, CSV) and vector databases (LanceDB, pgvector).
- Boundary markers: The provided prompt templates use standard delimiters like
<|system|>,Context:, and---to separate instructions from retrieved data, which helps but does not fully mitigate adversarial injection. - Capability inventory: The skill includes capabilities to read/write local data, manage vector indices, and make network calls to external LLM providers.
- Sanitization: The code examples do not demonstrate explicit sanitization or validation of the retrieved content before it is interpolated into the prompts for the LLM.
Audit Metadata