moai-domain-data-science
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides templates and production pipeline code that use `joblib.load`, `mlflow.sklearn.load_model`, and `pickle.load`. These methods deserialize data, which can lead to arbitrary code execution if a user or attacker provides a malicious model file.
- [COMMAND_EXECUTION]: The skill explicitly allows the use of the `Bash` tool. While intended for environment setup and data processing, this grants the agent shell access, which increases the potential impact of other vulnerabilities.
- [EXTERNAL_DOWNLOADS]: Example code in `examples.md` includes instructions to download the MNIST dataset via `torchvision.datasets.MNIST`. This is a standard and trusted resource but involves external network activity.
- [PROMPT_INJECTION]: The skill implements a data processing pipeline that ingests external files, creating a surface for indirect prompt injection.
  - Ingestion points: The `ProductionMLPipeline._load_data` method in `SKILL.md` reads CSV, Parquet, and JSON files from user-specified paths.
  - Boundary markers: No boundary markers or "ignore instructions" delimiters are used when processing these data files.
  - Capability inventory: The skill has access to the `Bash`, `Write`, `Edit`, and `WebFetch` tools, providing a path for injected instructions to perform system actions.
  - Sanitization: There is no evidence of sanitization or validation of the content within the ingested data files before they are processed by the agent.
Audit Metadata