people-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the execution of Python scripts via CLI (e.g., turnover_analyzer.py) which process local data and may load serialized models (e.g., model.pkl).
- [PROMPT_INJECTION]: The skill processes several external data formats (CSV, YAML) providing an attack surface for indirect prompt injection if the data contains malicious instructions for the agent.
- Ingestion points: employees.csv, current.csv, survey.csv, workforce.csv, state.csv, and business_plan.yaml.
- Boundary markers: None provided in script logic.
- Capability inventory: Local execution of Python scripts and data processing logic.
- Sanitization: No explicit content sanitization or validation logic is present in the provided snippets.
Audit Metadata