analyzing-data
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (HIGH): The skill suggests running `curl -LsSf https://astral.sh/uv/install.sh | sh` in `scripts/kernel.py` to install the `uv` tool. This piped shell execution pattern is a high-risk security vector.
- External Downloads (MEDIUM): The `install_packages` method in `scripts/kernel.py` allows the installation of any Python package via `uv pip install`, which could be exploited to load malicious code.
- Command Execution (MEDIUM): The skill executes arbitrary Python code in a persistent Jupyter kernel as part of its core analysis functionality.
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: User business questions and database results (SKILL.md).
  2. Boundary markers: No delimiters isolate external data from instructions.
  3. Capability inventory: Python execution, SQL execution, and package installation.
  4. Sanitization: No validation or sanitization is performed on external inputs.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review