machine-learning-ops-ml-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating the user-controlled $ARGUMENTS variable directly into the prompts for several specialized sub-agents without any sanitization or the use of protective boundary markers.
  - Ingestion points: The $ARGUMENTS variable is used to define requirements for the data-engineer, data-scientist, and ml-engineer sub-agents.
  - Boundary markers: There are no delimiters or explicit instructions to the agents to ignore embedded commands within the input data.
  - Capability inventory: The sub-agents are capable of generating executable Python code, Terraform infrastructure modules, and Kubernetes manifests for production environments.
  - Sanitization: No input validation or sanitization mechanisms are present in the skill definition.
- [COMMAND_EXECUTION]: The skill directs sub-agents to produce executable automation scripts and deployment configurations. While the orchestrator does not execute these directly, the primary function of the skill is to generate code intended for high-privilege environments like Kubernetes clusters and cloud infrastructure.
Audit Metadata