rudder-profiles-understand

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the pb CLI tool via bash to analyze project models and dependencies. Access is restricted to this specific tool through the allowed-tools configuration.
  • [PROMPT_INJECTION]: The skill processes external YAML configuration files, CLI outputs, and warehouse metadata, creating a surface for indirect prompt injection. This is addressed by instructions in the 'Handling External Content' section to treat these as untrusted inputs and only extract structured facts.
      • Ingestion points: pb_project.yaml, models/inputs.yaml, models/profiles.yaml, models/sql_models.yaml, and output from pb show models.
      • Boundary markers: Present. The skill includes explicit instructions to treat YAML and CLI results as untrusted inputs.
      • Capability inventory: File reading (Read), CLI execution (Bash(pb *)), and data warehouse interaction (run_query).
      • Sanitization: Present. The reference documentation instructs the agent to sanity-check names discovered from metadata before substituting them into SQL templates.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code generation by interpolating discovered table and column names into SQL templates. While this poses a risk of SQL injection, the risk is reduced by the requirement to validate these names and by the skill's use for a specific vendor's well-defined project structure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 23, 2026, 05:35 PM