harvard-art-museums-data-engineering-app
Warn
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions require cloning a repository from a third-party GitHub account (github.com/Manali0711/Harvard-Artifacts-Collection-Data-Engineering-Analytics-App.git) which is not a verified vendor.
- [COMMAND_EXECUTION]: The installation process involves running 'pip install -r requirements.txt' on a manifest provided by an external source, which may lead to the installation of unverified or malicious packages. It also executes 'streamlit run' to start the dashboard application.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from an external API (api.harvardartmuseums.org) that is subsequently rendered in a dashboard and stored in a database.
- Ingestion points: The 'fetch_artifacts' function in SKILL.md retrieves data directly from the Harvard Art Museums API.
- Boundary markers: Absent. There are no instructions or delimiters used to prevent the agent from interpreting instructions that might be embedded in the artifact metadata (titles, descriptions, URLs).
- Capability inventory: The skill utilizes 'mysql.connector' for database writes, 'pd.to_csv' for local file system access, and 'streamlit' for web UI rendering.
- Sanitization: While the skill uses parameterized SQL queries for database operations, it does not include sanitization or validation logic for the content of the metadata before displaying it in the Streamlit application.
Audit Metadata