spice-connect-data

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates querying across diverse external data sources (S3, GitHub, databases, local files) including document formats like Markdown and PDF. This creates an attack surface for indirect prompt injection, where malicious instructions embedded in the processed data could influence agent behavior.
      • Ingestion points: External datasets and catalogs configured via YAML (e.g., S3 buckets, GitHub issues, local files).
      • Boundary markers: None specified in the instructions to isolate data from instructions.
      • Capability inventory: SQL query execution, data federation, and write capabilities (Iceberg/S3 Tables).
      • Sanitization: The provided documentation does not detail sanitization or filtering of retrieved data content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 01:51 AM