constructive-jobs
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The analyzed skill describes legitimate background job infrastructure for the Constructive platform. All identified behaviors align with the stated purpose of automating tasks based on database changes.\n- [DATA_EXFILTRATION]: The skill facilitates sending database row data to a configurable KNATIVE_SERVICE_URL for job processing. This is an intentional architectural design for event-driven workflows and uses platform-managed environment variables for the destination.\n- [PROMPT_INJECTION]: The skill defines a data ingestion pipeline where database content triggers background processing, creating a surface for indirect prompt injection if downstream handlers process the data as instructions.\n
- Ingestion points: PostgreSQL table rows processed by DataJobTrigger (SKILL.md).\n
- Boundary markers: Data is passed as structured JSON objects; no explicit instruction-isolation markers are documented for the payloads.\n
- Capability inventory: Job workers perform POST requests to a configurable service URL (SKILL.md).\n
- Sanitization: Not explicitly detailed in the trigger configuration; expected to be managed by the Knative function handlers.\n- [COMMAND_EXECUTION]: The DataJobTrigger blueprint node is used to dynamically generate PostgreSQL triggers that execute database functions like app_jobs.add_job(). This is a standard practice for database-level event enqueuing.
Audit Metadata