data_analysis
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high vulnerability surface for indirect prompt injection because it ingests untrusted external data and has write/execute capabilities.
  1. Ingestion points: Data is loaded from CSV, JSON, and Parquet files in scripts/explore_data.py and scripts/summary_stats.py.
  2. Boundary markers: Absent. No delimiters or instructions to ignore embedded content are present.
  3. Capability inventory: Includes file read (pl.read_csv), file write (summary_stats.py --output flag), and remote database access (reference/loading.md).
  4. Sanitization: Absent. External content is processed directly by the Polars engine.
- Data Exposure & Exfiltration (LOW): The reference documentation (reference/loading.md) provides examples of database connection URIs that include embedded credentials (e.g., user:password). While these are placeholders, they encourage an insecure pattern of secret management.
- Unverifiable Dependencies (LOW): The documentation recommends several third-party Python libraries (polars, sqlalchemy, connectorx, etc.) without specifying fixed versions or integrity verification mechanisms.
Recommendations
- AI detected serious security threats
Audit Metadata