Skills
skills/snowflake-labs/sfguide-aviation-ops-intelligence/aviation-installer/Gen Agent Trust Hub

aviation-installer

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill creates network rules and external access integrations to download data from api.adsb.lol, github.com (for historical archives and airline reference data), api.aviationstack.com, and www.tsa.gov.
  • [COMMAND_EXECUTION]: Requires the ACCOUNTADMIN role or equivalent privileges to create account-level objects like external access integrations and warehouses, which is necessary for the skill's deployment purpose.
  • [COMMAND_EXECUTION]: Employs dynamic SQL (EXECUTE IMMEDIATE) and JavaScript stored procedures for operational tasks such as resuming data pipelines and performing automated system state verification.
  • [PROMPT_INJECTION]: The skill uses the AI_EXTRACT function to process unstructured content from TSA PDF documents into tabular data. This creates an indirect prompt injection surface where the AI processing could be influenced by malicious content inside a document, though the risk is localized to the data extraction step.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 11:15 AM
Security Audit — agent-trust-hub — aviation-installer