Skills
skills/besoeasy/open-skills/json-and-csv-data-transformation/Gen Agent Trust Hub

json-and-csv-data-transformation

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the user or agent to execute commands with elevated privileges using sudo to install software packages (sudo apt-get install -y jq csvkit).\n- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by processing untrusted external data via powerful shell utilities.\n
  • Ingestion points: The skill processes data from multiple external sources including data.json, users.json, data.csv, and other files used in the examples.\n
  • Boundary markers: There are no explicit delimiters or boundary markers used in the scripts to differentiate data from instructions, allowing for potential interpretation of data as commands.\n
  • Capability inventory: The skill utilizes jq, csvkit utilities, and awk, all of which provide extensive data manipulation and potentially unsafe execution capabilities.\n
  • Sanitization: The provided examples and Node.js code do not include validation or sanitization of input data before passing it to system commands or shell processors.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 04:37 AM