datahub-search
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes metadata retrieved from DataHub (descriptions, tags, ownership) and uses it to synthesize answers. This creates an indirect prompt injection surface where malicious instructions embedded in the metadata could influence the agent's behavior.
- Ingestion points: Metadata retrieved from search results and entity aspects via the
datahubCLI or MCP tools as described inSKILL.md. - Boundary markers: None identified. The skill's instructions do not specify delimiters or guidelines to ignore potential commands found within the data being processed.
- Capability inventory: The skill allows execution of
datahubCLI commands via theBashtool and performs natural language synthesis of the results. - Sanitization: The skill includes explicit instructions for input validation to block shell metacharacters in user-provided queries, which effectively mitigates direct injection, but it lacks sanitization for the metadata content returned by the DataHub server.
Audit Metadata