aps-doc-core
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands and SQL queries for validation and metadata extraction purposes. Examples include using
python3 -c "import yaml; yaml.safe_load(...)"to validate configuration files and executingDESCRIBEorSHOW COLUMNSstatements to document database schemas. - [EXTERNAL_DOWNLOADS]: The skill interacts with external resources by fetching existing page structures and templates from the organization's Confluence instance (treasure-data.atlassian.net) and references official documentation for Digdag and Presto.
- [DATA_EXFILTRATION]: By design, the skill reads implementation details from a local codebase (SQL logic, workflow configurations, and table schemas) and publishes this information to a remote Confluence instance. This is the intended primary function of the skill for generating centralized documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests and processes untrusted data from local codebase files (.sql, .dig, .yml) and external Confluence pages to generate its output.
- Ingestion points: Local repository files (.dig, .sql, .yml, .md) and remote Confluence page content.
- Boundary markers: None explicitly defined in the generation instructions.
- Capability inventory: Shell command execution (via Python), SQL execution against databases, and Confluence API write access.
- Sanitization: The skill explicitly utilizes
yaml.safe_load()for configuration validation, which mitigates certain types of malicious data processing in YAML files.
Audit Metadata