data-engineering-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected. The content consists entirely of technical documentation and code examples.
- Data Exposure & Exfiltration (SAFE): The skill emphasizes the use of environment variables for sensitive credentials (e.g., AWS_ACCESS_KEY_ID, PG_PASSWORD). It explicitly warns against committing profiles.yml to version control. No hardcoded secrets or suspicious data exfiltration patterns were found.
- Unverifiable Dependencies (SAFE): All recommended installations target well-known, industry-standard packages from the Python Package Index (e.g., prefect, dagster, dbt-core). There are no suspicious remote scripts or piped installations (e.g., curl | bash).
- Indirect Prompt Injection (LOW): While the skill describes data ingestion patterns from external sources (S3, GCS), it is a documentation-focused skill. The surface for processing untrusted data is inherent to the data engineering use case, but the skill provides no automated capabilities that would execute untrusted instructions found in that data.
- Dynamic Execution (SAFE): No use of eval(), exec(), or runtime compilation of untrusted code was detected. Python scripts provided are static templates for orchestration flows.
Audit Metadata