datahub-search

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes metadata retrieved from DataHub (descriptions, tags, ownership) and uses it to synthesize answers. This creates an indirect prompt injection surface where malicious instructions embedded in the metadata could influence the agent's behavior.
  • Ingestion points: Metadata retrieved from search results and entity aspects via the datahub CLI or MCP tools as described in SKILL.md.
  • Boundary markers: None identified. The skill's instructions do not specify delimiters or guidelines to ignore potential commands found within the data being processed.
  • Capability inventory: The skill allows execution of datahub CLI commands via the Bash tool and performs natural language synthesis of the results.
  • Sanitization: The skill includes explicit instructions for input validation to block shell metacharacters in user-provided queries, which effectively mitigates direct injection, but it lacks sanitization for the metadata content returned by the DataHub server.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 09:03 AM
Security Audit — agent-trust-hub — datahub-search