using-celery
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its code generation templates.
  - Ingestion points: Templates in the templates/ folder (e.g., task.template.py, beat_schedule.template.py) ingest user-defined task names, parameters, and descriptions via Jinja-style placeholders.
  - Boundary markers: Absent. The templates do not include delimiters or instructions for the agent to ignore embedded commands in user-provided fields during code generation.
  - Capability inventory: The generated code defines Celery tasks and configurations which are executed by background workers with access to the application's environment, message brokers, and internal resources.
  - Sanitization: Absent. There is no evidence of input validation or escaping before interpolation into the templates.
- [DATA_EXFILTRATION]: The file examples/fastapi_celery.example.py implements a webhook callback pattern in batch_process_task. This allows sending task results to a user-provided webhook_url, which establishes a potential SSRF or data exfiltration surface if the destination is not validated against a trusted whitelist.
- [EXTERNAL_DOWNLOADS]: The skill documentation and examples recommend installing well-known, standard libraries including celery, fastapi, uvicorn, pydantic-settings, and httpx from official package registries.
Audit Metadata