csv-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides templates for common shell utilities (awk, sort, cut, head, tail, tr, wc) and SQLite to process data files locally. This is a primary function of the skill and used according to best practices for data engineering.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection via the processing of untrusted data files.\n
- Ingestion points: Processes external CSV, TSV, and JSON files as defined in SKILL.md.\n
- Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded commands in the data.\n
- Capability inventory: Extensive file manipulation and shell command execution capabilities provided across all scripts.\n
- Sanitization: Standard parsing is used for Python operations, but no sanitization is demonstrated for the shell-based examples.
Audit Metadata