streamlit-development

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides documentation patterns that are vulnerable to indirect prompt injection (specifically SQL injection) by using Python f-strings to interpolate untrusted user data into database queries.
      • Ingestion points: User input enters the context via st.text_input and st.form fields described in SKILL.md.
      • Boundary markers: No delimiters or parameterization warnings are used in the provided code examples.
      • Capability inventory: The skill uses session.sql() (via Snowpark) in both SKILL.md and connections.py to execute commands on the Snowflake database.
      • Sanitization: The examples in SKILL.md lack input validation or parameterized queries, demonstrating unsafe interpolation: session.sql(f"... WHERE date BETWEEN '{start_date}' AND '{end_date}'").
  • [EXTERNAL_DOWNLOADS]: The skill recommends downloading packages from PyPI and Snowflake's Anaconda channel.
      • Evidence: uv pip install -r requirements.txt mentioned in SKILL.md. These target well-known package registries.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute system-level commands for package management and deployment.
      • Evidence: uv pip install --system modifies the system-wide Python environment, and snow streamlit deploy executes a deployment process via the Snowflake CLI.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 09:49 PM