orchestrating-data-pipelines
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection through the ingestion of untrusted data from external sources. \n
- Ingestion points: Code examples in dagster.md, prefect.md, and cloud-storage.md describe reading data from S3 buckets and local Parquet files.\n
- Boundary markers: The provided snippets do not include explicit boundary markers or instructions to ignore embedded commands within the processed data.\n
- Capability inventory: The skill scripts include capabilities for network access (S3/GCS), file system operations (DuckDB, Parquet), and CLI tool invocation (dbt, prefect) as detailed in dbt.md and prefect.md.\n
- Sanitization: There is no evidence of data sanitization or validation logic applied to the content of ingested files in the provided examples.\n- [DATA_EXFILTRATION]: Functional cloud storage access. \n
- The documentation in integrations/cloud-storage.md details standard data engineering patterns for reading from and writing to S3 and GCS using established database extensions and adapters.\n- [COMMAND_EXECUTION]: Use of workflow orchestration CLI tools. \n
- The dbt.md and prefect.md files include instructions for using command-line interfaces to run, test, and deploy data transformation models and flows.\n- [EXTERNAL_DOWNLOADS]: Installation of standard data engineering libraries. \n
- The guides list installation commands for widely recognized packages including dbt, prefect, dagster, and their associated data platform adapters.
Audit Metadata