carto-manage-platform
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the agent to execute high-privilege administrative commands on the CARTO platform, including user deletion (
carto users delete), bulk resource removal (carto admin batch-delete), and ownership transfers (carto admin transfer). These operations can cause irreversible changes to the organization's environment. - [EXTERNAL_DOWNLOADS]: Troubleshooting documentation (
references/activity-troubleshooting.md) guides the agent to install external dependencies such as theduckdbNPM package and system-level build tools (build-essential,xcode-select) to facilitate local data querying. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing activity logs that contain data originating from various platform users (e.g., event payloads, resource names).
- Ingestion points: Activity data is retrieved via
carto activity queryand processed for analysis inreferences/advanced-analyses.md. - Boundary markers: The skill uses SQL and JSON extraction to structure data but lacks explicit delimiters or instructions to prevent the agent from obeying commands embedded within the log fields.
- Capability inventory: The skill includes powerful administrative capabilities such as user management and bulk resource deletion.
- Sanitization: No explicit sanitization or validation of the retrieved activity log content is performed before it is analyzed.
Audit Metadata