pipeline-health-analyzer-skill
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data sources, creating a potential surface for indirect prompt injection where instructions could be embedded in the pipeline data. Ingestion points: SKILL.md (Quick Start and Workflow) explicitly requests pipeline exports in CSV format or CRM access. Boundary markers: No instructions are provided to establish boundaries for external data or to ignore embedded commands. Capability inventory: The skill consists purely of instructions and lacks any executable tools, scripts, or network capabilities, limiting the potential impact of an injection. Sanitization: No data validation, filtering, or sanitization steps are defined for the ingested data.
- [NO_CODE]: The skill does not contain any Python code, Node.js scripts, or binaries. It is composed entirely of markdown instructions and metadata.
Audit Metadata