csv-data-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is designed to ingest and process untrusted external data from CSV files which could contain malicious instructions. 1. Ingestion points:
pd.read_csv(file_path)in the provided Python template. 2. Boundary markers: Absent; no specific instructions are provided to delimit data from instructions. 3. Capability inventory: File reading and local code execution (as prompted in the instructions). 4. Sanitization: Absent; the script processes data as-is. - COMMAND_EXECUTION (LOW): The instructions explicitly direct the agent to 'Create a Python script to perform automated checks'. This involves runtime code generation and execution which is a standard but noteworthy behavior for data analysis skills.
Audit Metadata