spice-connect-data
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines mechanisms to ingest data from a wide variety of untrusted external sources, creating a surface for indirect prompt injection attacks.
  - Ingestion points: SKILL.md specifies data ingestion from GitHub issues (github:github.com/owner/repo/issues), arbitrary web endpoints (https://url/path/data.csv), and other external APIs/databases.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the configuration or examples.
  - Capability inventory: The skill enables federated SQL queries, data transformations via views, and data writing capabilities (access: read_write) across local and remote sources.
  - Sanitization: No data sanitization or validation logic is defined within the skill; it relies on the underlying database engine's default handling.
- [DATA_EXFILTRATION] (SAFE): While the skill defines network connections to databases and cloud storage, these are standard operations for the stated purpose of data federation. Sensitive credentials are handled safely via secret and environment variable placeholders (e.g., ${ secrets:PG_PASSWORD }).
- [COMMAND_EXECUTION] (SAFE): No arbitrary system command execution or shell scripts were found. The skill uses declarative YAML for configuration and SQL for data querying.
Audit Metadata