access-management

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The assign_role and create_abac_policy functions use Python f-strings to build SQL queries that are executed via spark.sql. Interpolating variables such as principal and attributes directly, without sanitization, creates a significant SQL injection risk: an attacker who controls those values could grant themselves unauthorized permissions.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect injection through its processing of configuration attributes.
      1. Ingestion points: Function arguments (principal, catalog, attributes) in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: spark.sql for privilege and policy management.
      4. Sanitization: Absent; input values are directly concatenated into executable SQL strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:25 PM