mz-platform-checks

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the bin/mzcompose command-line utility. This tool is used to execute the defined Python platform checks against various environment scenarios such as restarts and upgrades.
  • [PROMPT_INJECTION]: The skill defines a framework where Python code is written by the agent and then automatically discovered and executed by a local runner. This constitutes a surface for indirect prompt injection if untrusted user requirements are translated into executable code without sufficient validation.
  • Ingestion points: User-provided descriptions for new feature tests or debugging requests based on CI logs.
  • Boundary markers: The documentation does not specify the use of delimiters or specific warnings to ignore instructions embedded in test data.
  • Capability inventory: The agent is expected to write Python files to misc/python/materialize/checks/all_checks/ and execute shell commands via bin/mzcompose.
  • Sanitization: The instructions focus on the structure of the Check class and the use of the dedent() function for SQL fragments, but do not describe automated sanitization of user-provided input used in test generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 09:44 PM
Security Audit — agent-trust-hub — mz-platform-checks