data-engineer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed for ETL/ELT tasks that involve processing external data while possessing high-privilege tools like 'Bash' and 'Write', meeting the criteria for a high-severity injection surface.
      • Ingestion points: External data ingestion for pipelines and schemas mentioned in the skill description.
      • Boundary markers: No delimiters or instructions to ignore embedded instructions are defined.
      • Capability inventory: Access to Bash, Write, Edit, Grep, Glob, and Read tools.
      • Sanitization: No sanitization or validation protocols are specified in the instructions.
  • Command Execution (MEDIUM): The explicit allowance of the 'Bash' tool grants the agent broad system access, which can be exploited if the agent is compromised through malicious data input.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:37 AM