carto-connect-datawarehouse
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest and process metadata from external data warehouses using tools like `carto connections list` and `carto connections describe`. This data is externally controlled and could potentially contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Data is fetched via `carto connections list`, `carto connections get`, and `carto connections describe` across all reference files and `SKILL.md`.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompt templates.
  - Capability inventory: The skill possesses the capability to `create`, `update`, and `delete` connections, as well as interact with the file system for credential uploads (e.g., service account JSON keys).
  - Sanitization: There is no evidence of sanitization or validation of the schema or connection names returned by the data warehouse before they are processed by the agent.
Audit Metadata