debugging-dags
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to process external and potentially untrusted data from Airflow task logs via `get_task_logs`. Attackers who can control task output (stderr/stdout) may inject instructions to manipulate the agent's diagnosis or the 'Immediate Fix' recommendations it generates. Evidence:
  1. Ingestion point: `get_task_logs` in Step 2.
  2. Boundary markers: None specified to delimit log content from instructions.
  3. Capability inventory: The skill generates SQL fixes, code changes, and CLI commands.
  4. Sanitization: No sanitization of log content is performed.
- Command Execution (LOW): The instructions explicitly direct the agent to generate and provide ready-to-use CLI commands (e.g., `airflow tasks run`). If the agent environment includes a shell execution tool, there is a risk of these commands being executed directly or being modified by the agent under the influence of injected instructions.
Audit Metadata