migrating-airflow-2-to-3
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill contains a significant Indirect Prompt Injection vulnerability surface (Category 8).
- Ingestion points: The skill ingests and processes user-controlled project files (Python DAGs) during the migration workflow (SKILL.md).
- Boundary markers: Absent. There are no instructions or delimiters designed to prevent the agent from being influenced by instructions embedded within the codebase being migrated.
- Capability inventory: The agent has the capability to execute shell commands (`ruff`) and modify files on disk (`--fix --unsafe-fixes`).
- Sanitization: No sanitization or safety checks are performed on the user's code before the agent applies automated modifications.
- COMMAND_EXECUTION (MEDIUM): The skill directs the agent to execute shell commands with broad impact.
- Evidence: Command `ruff check --preview --select AIR --fix --unsafe-fixes .` performs automated code modification. The use of `--unsafe-fixes` allows the tool to make non-trivial changes to program logic which could be exploited.
- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing external dependencies.
- Evidence: Suggests adding `apache-airflow-client` to requirements.
- Trust Scope Rule: This finding is downgraded to LOW/INFO as 'apache' is a recognized Trusted Organization.
Recommendations
- AI detected serious security threats