metric-reconciliation
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly requests 'connection details' for production databases and analytics warehouses in the 'Context Gathering' section. Prompting users to input credentials directly into the conversation context is a security risk as these secrets can be stored in chat logs or session histories.
- [COMMAND_EXECUTION]: The Python workflow uses
pd.read_sqlto execute queries provided by the user. This allows for arbitrary database operations which could be misused for unauthorized data retrieval or modification depending on the level of access granted to the database user. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the data it processes at runtime.
- Ingestion points: Untrusted data enters the agent context through
pd.read_sqlandpd.read_csvas defined inSKILL.md. - Boundary markers: The skill does not implement delimiters or instructions to the agent to ignore commands or instructions embedded within the source data.
- Capability inventory: The skill has capabilities to write files (
reconciliation_report.txt,detailed_comparison.csv) and output detailed analysis to the user session. - Sanitization: No sanitization or filtering is applied to the data retrieved from external sources to prevent malicious instructions from influencing agent behavior.
Audit Metadata