etl-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface detected (Category 8).
- Ingestion points: External data sources described in the ETL patterns, including 'source_table', 'CDC events', and 'historical migration' loads.
- Boundary markers: None present in the documentation or pseudocode to isolate untrusted data from agent instructions.
- Capability inventory: The manifest requests 'Bash', 'Write', 'Edit', 'Grep', 'Glob', and 'Read' tools.
- Sanitization: No input validation or sanitization logic is specified for the data being processed.
- [COMMAND_EXECUTION] (HIGH): The skill manifest requests 'Bash' and file-write capabilities. In the context of an ETL orchestrator handling untrusted external data, these tools provide a direct execution vector for malicious instructions embedded in processed datasets.
Recommendations
- AI detected serious security threats
Audit Metadata