csv-processor
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines patterns for ingesting and processing external CSV data, which introduces a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the context through the
import_contractorsFastAPI endpoint and theparseContractorCsvTypeScript function via file uploads. - Boundary markers: While the skill enforces structural integrity using Zod and Pydantic, it does not implement specific prompt boundaries or instructions to treat the data as non-executable text.
- Capability inventory: The skill allows for file reading, parsing, and potential database operations based on the processed CSV content.
- Sanitization: Data validation is limited to type checking and format verification (regex for phone/ABN), which does not address the risk of natural language instruction injection within the data fields.
Audit Metadata