csv-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata contains conflicting author information across the platform ("aaaaqwq"), the "_meta.json" file ("gitgoodordietrying"), and the repository source ("clawdbot").
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted external data files.
- Ingestion points: Files are ingested via "csv.DictReader", "json.load", and "json.loads" in "SKILL.md".
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish data content from system instructions.
- Capability inventory: The skill provides templates for executing Python code and various shell utilities ("awk", "sort", "sqlite3", "head", "tail", "tr") which could be co-opted if the agent follows instructions embedded in data.
- Sanitization: Includes basic validation for data types and string normalization ("validate_rows", "clean_csv") but lacks logic to neutralize embedded natural language instructions.
- [COMMAND_EXECUTION]: The skill templates use several shell utilities ("awk", "sort", "sqlite3", "head", "tail", "tr") for data manipulation on user-provided filenames and data.
Audit Metadata