datahub-enrich

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the datahub CLI through the Bash tool. It includes strict defensive measures to prevent command injection, specifically instructing the agent to reject user-supplied arguments containing shell metacharacters such as backticks, dollar signs, pipes, semicolons, and redirects.
  • [PROMPT_INJECTION]: The skill contains explicit anti-injection instructions to ignore any commands or directives embedded within user-supplied metadata (descriptions, tags, etc.). It prioritizes the instructions in SKILL.md over processed data.
  • [INDIRECT_PROMPT_INJECTION]: The skill manages untrusted user input by validating tag names (alphanumeric only) and stripping code-like content from descriptions. This reduces the surface area for indirect prompt injection or cross-site scripting (XSS) when the metadata is later viewed in the DataHub UI.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or access to sensitive local configuration files (like .ssh or .aws) were detected. The skill relies on the pre-configured environment of the datahub CLI.
  • [EXTERNAL_DOWNLOADS]: No remote code execution or external downloads from untrusted sources are performed. All operations are local to the system and the DataHub instance.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 09:03 AM
Security Audit — agent-trust-hub — datahub-enrich