Skills
skills/alirezarezvani/claude-skills/senior-data-engineer/Gen Agent Trust Hub

senior-data-engineer

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/pipeline_orchestrator.py utilizes the Python compile() function to validate the syntax of generated orchestration code (for Airflow, Prefect, and Dagster). While this is used for validation rather than execution, runtime compilation of strings is a dynamic execution pattern that can be risky if the input content is not strictly sanitized.- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection. Multiple components, such as scripts/pipeline_orchestrator.py and the examples in references/workflows.md, construct executable code or SQL statements by directly interpolating variables (like table names or task IDs) into string templates. This could allow an attacker to inject malicious code or SQL commands if these parameters are sourced from untrusted data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 07:10 PM
Security Audit — agent-trust-hub — senior-data-engineer