data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from CSV, JSON, and SQL sources, creating a potential surface for indirect prompt injection. 1. Ingestion points: Data loading commands in SKILL.md (e.g., pd.read_csv). 2. Boundary markers: Absent. There are no specific instructions to distinguish between data content and instructions. 3. Capability inventory: Uses Python (Pandas) and the Bash tool for file and data operations. 4. Sanitization: Absent. The skill does not include data validation or sanitization routines.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool and executes Python code for data processing and visualization as part of its primary functionality.
Audit Metadata