connectors-execute

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of the airbyte-agent CLI tool. It instructs the agent to use structured JSON payloads via the --json flag, which is a secure method for passing complex parameters to CLI tools while maintaining input integrity.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the airbyte-agent tool via Homebrew (airbytehq/tap/airbyte-agent) and links to the official project repository (github.com/airbytehq/airbyte-agent-cli). These are legitimate resources provided by the verified author of the skill.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests data from external APIs and has the capability to perform write actions (create/update) on those systems.
    • Ingestion points: External data is retrieved from connectors like HubSpot or Twilio through the execute command output.
    • Boundary markers: The instructions do not specify explicit delimiters or markers to isolate the ingested data from the agent's internal reasoning.
    • Capability inventory: The skill includes functions to write to external systems (create, update).
    • Sanitization: While there is no explicit data sanitization logic in the prompt, the skill mitigates risk by requiring strict field selection and prohibiting the silent retry of write failures against alternative targets.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 12:07 AM