data-engineering-streaming
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill demonstrates patterns for ingesting untrusted data from external platforms.
  - Ingestion points: Data enters the agent context via `consumer.poll()` (Kafka), `on_message()` (MQTT), and `js.subscribe()` (NATS) in SKILL.md.
  - Boundary markers: Absent; the code snippets do not include delimiters or instructions to ignore embedded commands within message payloads.
  - Capability inventory: The skill possesses network communication capabilities through stream client libraries and the `requests` library.
  - Sanitization: The code uses `json.loads()`, which validates structure but does not sanitize natural language content for potential prompt injection.
- Data Exposure (LOW): The Kafka producer snippet uses `socket.gethostname()`, which exposes the local system's hostname to the message broker.
- Network Operations (LOW): The MQTT example connects to `broker.emqx.io`, a non-whitelisted external domain.
- External Downloads (LOW): The skill references the installation of legitimate packages (`confluent-kafka`, `paho-mqtt`, `nats-py`) from standard registries.
Audit Metadata