data-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data (CSV files, SQL databases), which constitutes a surface for indirect prompt injection attacks.
  - Ingestion points: Data ingestion occurs through `pd.read_csv('data.csv')` and SQL SELECT queries as described in the loading and exploration step.
  - Boundary markers: The instructions lack explicit delimiters or warnings instructing the agent to ignore any natural language instructions that might be embedded within the datasets.
  - Capability inventory: The skill has access to the `Bash` tool and file system via `Read`, `Grep`, and `Glob`, which increases the potential impact if an injection attack successfully influences agent actions.
  - Sanitization: No data validation or sanitization of the loaded datasets is performed in the provided code templates.
Audit Metadata