anygen-data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill code or workflow instructions.
- [DATA_EXFILTRATION]: The skill facilitates the upload of user-specified CSV files to the AnyGen API (www.anygen.io) for analysis. This process is accompanied by clear documentation requiring explicit user consent before any reading or uploading occurs.
- [CREDENTIALS_UNSAFE]: API keys are managed through environment variables or a dedicated configuration file at ~/.config/anygen/config.json. The scripts ensure the configuration file is created with restricted permissions (chmod 600).
- [INDIRECT_PROMPT_INJECTION]: While the skill processes external data, it mitigates potential indirect prompt injection by including a mandatory confirmation phase (Phase 2) where the analysis plan is presented to the user for approval before the task is created.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. Background monitoring is handled via the agent's sessions_spawn capability using local scripts.
Audit Metadata