csv-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [SAFE]: The skill consists of documentation and code templates for data manipulation using Python's built-in standard library (csv, json, sqlite3) and standard shell utilities (awk, head, sort, tr). No security vulnerabilities were identified in the provided code snippets.
- [PROMPT_INJECTION]: The skill processes untrusted external data (CSV/JSON), which represents a potential indirect prompt injection surface. Evidence: (1) Ingestion points: read_csv, json.load, and open calls in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: File writing (write_csv) and shell command execution (awk, sort) in SKILL.md. (4) Sanitization: Includes patterns for data cleaning (clean_csv) and type validation (validate_rows). This is a common surface for data-processing skills and is handled as a low-risk factor.
- [COMMAND_EXECUTION]: Includes standard examples for using data processing tools like awk and sort. These commands are used for their intended purpose of filtering, sorting, and organizing tabular data.
- [DATA_EXFILTRATION]: All file operations are restricted to the local file system. There are no network calls, external API requests, or hardcoded credentials detected.
- [REMOTE_CODE_EXECUTION]: No external packages or scripts are downloaded; the skill relies entirely on pre-installed environment tools and standard library modules.
Audit Metadata