Skills
skills/aws-samples/sample-strands-agents-agentskills/file-processing/Gen Agent Trust Hub

file-processing

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted data from CSV, JSON, and text files.
  • Ingestion points: External data enters the agent context via the loading logic in SKILL.md and the load_csv and load_json utility functions in scripts/process.py.
  • Boundary markers: The instructions do not implement boundary markers or provide the agent with explicit directives to ignore instructions that might be embedded within the data files.
  • Capability inventory: The skill utilizes the shell tool to execute Python code, granting it the capability to read/write files and execute system commands.
  • Sanitization: No input validation or sanitization is performed on the data content before it is processed or presented.
  • [COMMAND_EXECUTION]: The skill relies on the agent executing arbitrary Python code snippets and helper scripts via the shell tool to perform data operations.
  • Evidence: SKILL.md provides multiple Python code templates for loading, filtering, and aggregating data which are intended for execution in a shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:36 AM