mz-platform-checks
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the
bin/mzcomposecommand-line utility. This tool is used to execute the defined Python platform checks against various environment scenarios such as restarts and upgrades. - [PROMPT_INJECTION]: The skill defines a framework where Python code is written by the agent and then automatically discovered and executed by a local runner. This constitutes a surface for indirect prompt injection if untrusted user requirements are translated into executable code without sufficient validation.
- Ingestion points: User-provided descriptions for new feature tests or debugging requests based on CI logs.
- Boundary markers: The documentation does not specify the use of delimiters or specific warnings to ignore instructions embedded in test data.
- Capability inventory: The agent is expected to write Python files to
misc/python/materialize/checks/all_checks/and execute shell commands viabin/mzcompose. - Sanitization: The instructions focus on the structure of the
Checkclass and the use of thededent()function for SQL fragments, but do not describe automated sanitization of user-provided input used in test generation.
Audit Metadata