cortex-search-tutorial
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches updated documentation and technical specifications from the official Snowflake documentation site (docs.snowflake.com). This is a trusted source used for maintaining accurate instructional content.\n- [COMMAND_EXECUTION]: Provides SQL and Python code snippets for managing Snowflake resources and executing search queries. These operations are conducted within the user's authenticated Snowflake environment.\n- [PROMPT_INJECTION]: Implements a Retrieval Augmented Generation (RAG) pattern using customer support transcripts, creating a surface for indirect prompt injection.\n
- Ingestion points: Processes data from the 'support_transcripts' table, specifically the 'transcript_text' field in LESSONS.md.\n
- Boundary markers: Utilizes structural headers like 'Past support conversations:' and 'Customer question:' in the prompt templates to isolate retrieved context from the system instructions.\n
- Capability inventory: Utilizes Snowflake-native AI functions such as CORTEX.COMPLETE and SEARCH_PREVIEW, along with Python session execution for data management via the snowflake-snowpark-python library.\n
- Sanitization: Employs restrictive system prompting (e.g., 'Answer based ONLY on the provided support transcripts') to minimize the risk of the model following malicious instructions embedded in the data.
Audit Metadata