data-review
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through the analysis of external data.
- Ingestion points: The skill reads platform descriptions, query logs, and configuration files (e.g., dbt, Airflow, Terraform) into the LLM context.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' commands to separate untrusted artifact data from agent instructions.
- Capability inventory: The skill uses the Task tool to spawn sub-agents and performs file read/write operations within a local workspace.
- Sanitization: There is no evidence of filtering or sanitizing the ingested data before it is evaluated by the sub-agents.
Audit Metadata