prowler-attack-paths-query
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches attack path definitions from DataDog's pathfinding.cloud and schema documentation from the Cartography project (via CNCF or prowler-cloud repositories). These are well-known and trusted sources for security research data.
- [COMMAND_EXECUTION]: Employs Bash commands (
curl,jq,python3) to download and process JSON data. While piping to an interpreter is a sensitive pattern, here it is used with a static local command (python3 -c) to parse data from trusted URLs rather than executing remote scripts. - [PROMPT_INJECTION]: Ingests external JSON data which is then used to generate code and documentation, creating a surface for indirect prompt injection.
- Ingestion points: Remote JSON file from
https://raw.githubusercontent.com/DataDog/pathfinding.cloud/main/docs/paths.json. - Boundary markers: Absent; external data is interpolated into query definitions without isolation markers.
- Capability inventory: The skill utilizes
EditandWritetools to modify project files in theapi/attack_paths/queries/directory. - Sanitization: No validation or sanitization of the external JSON content is described before it is used to generate Python code.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/DataDog/pathfinding.cloud/main/docs/paths.json - DO NOT USE without thorough review
Audit Metadata