Skills
skills/besoeasy/open-skills/csv-data-summarizer/Gen Agent Trust Hub

csv-data-summarizer

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from CSV files and incorporates it directly into the agent's conversational context.
  • Ingestion points: The Python script in SKILL.md uses pd.read_csv to read user-provided files.
  • Boundary markers: The output summary does not use delimiters or protective instructions to isolate the data from the agent's primary instructions.
  • Capability inventory: The skill has the ability to write files to the local filesystem using plt.savefig.
  • Sanitization: The skill does not perform any validation or sanitization of the string content found within the CSV cells.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external Python libraries for its core functionality.
  • Evidence: The documentation specifies pip install pandas matplotlib seaborn. These are well-known and widely trusted data science libraries.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:36 AM