datahub-enrich
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
datahubCLI through the Bash tool. It includes strict defensive measures to prevent command injection, specifically instructing the agent to reject user-supplied arguments containing shell metacharacters such as backticks, dollar signs, pipes, semicolons, and redirects. - [PROMPT_INJECTION]: The skill contains explicit anti-injection instructions to ignore any commands or directives embedded within user-supplied metadata (descriptions, tags, etc.). It prioritizes the instructions in
SKILL.mdover processed data. - [INDIRECT_PROMPT_INJECTION]: The skill manages untrusted user input by validating tag names (alphanumeric only) and stripping code-like content from descriptions. This reduces the surface area for indirect prompt injection or cross-site scripting (XSS) when the metadata is later viewed in the DataHub UI.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or access to sensitive local configuration files (like
.sshor.aws) were detected. The skill relies on the pre-configured environment of thedatahubCLI. - [EXTERNAL_DOWNLOADS]: No remote code execution or external downloads from untrusted sources are performed. All operations are local to the system and the DataHub instance.
Audit Metadata