senior-ml-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): Vulnerable prompt construction detected in
references/llm_integration_guide.md. - Ingestion points: The
FEW_SHOT_TEMPLATEandSYSTEM_PROMPTvariables inreferences/llm_integration_guide.mdingest{user_input}and{product_context}respectively. - Boundary markers: Absent. There are no delimiters (e.g., XML tags, triple backticks) separating instructions from data.
- Capability inventory: The skill includes deployment scripts (
scripts/model_deployment_pipeline.py) and RAG builders (scripts/rag_system_builder.py) that perform file operations and deployment tasks. - Sanitization: Absent. No filtering or escaping is applied to the interpolated strings.
- Dynamic Execution / Unsafe Deserialization (MEDIUM): In
references/mlops_production_patterns.md, the skill demonstratesmlflow.sklearn.log_modelandmlflow.register_model. - Evidence: Scikit-learn models are typically serialized using
pickle. Loading a model version from a registry that has been tampered with or sourced from an untrusted environment leads to arbitrary code execution during deserialization. - Data Exposure (LOW): Documentation in
SKILL.mdandreferences/llm_integration_guide.mdreferences sensitive paths like~/.aws/credentialsand environment variables for API keys. - Evidence: While no secrets are hardcoded, the scripts and guides encourage the use of raw API keys in constructor methods (
OpenAIProvider(api_key=api_key)) without demonstrating secure vault or secret manager integration, which is a best-practice violation for 'Senior' level engineering content.
Recommendations
- AI detected serious security threats
Audit Metadata