ml-data-pipeline-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation includes an explicit instruction on how to bypass a platform-level constraint ('PreToolUse hook') that enforces a preference for the Polars library. This allows overriding the restriction by adding a specific comment to the file top.
  - Evidence: 'To use Pandas, add # polars-exception: at file top.' in SKILL.md.
- [PROMPT_INJECTION]: Indirect prompt injection surface analysis.
  - Ingestion points: Data is ingested from ClickHouse and Parquet files in the provided Python code snippets in SKILL.md.
  - Boundary markers: The code templates lack markers or instructions to delimit external data from the execution context.
  - Capability inventory: The skill is configured with filesystem tools including Read, Grep, and Glob.
  - Sanitization: No data validation or sanitization logic is present in the provided ingestion patterns.
- [SAFE]: External documentation references target well-known technology projects and services.
  - Evidence: Links to docs.pola.rs, arrow.apache.org, clickhouse.com, pytorch.org, and pypi.org in SKILL.md.
Audit Metadata