csv-data-summarizer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The SKILL.md file contains instructions using high-pressure language (e.g., '⚠️ CRITICAL BEHAVIOR REQUIREMENT ⚠️', 'FORBIDDEN BEHAVIORS') intended to override the agent's default conversational behavior and safety filters regarding user consent before executing code.
  • Indirect Prompt Injection (LOW): The skill processes untrusted CSV data using pandas and returns a text summary to the agent without sanitization, creating a potential vulnerability surface.
    • Ingestion points: pd.read_csv(file_path) in analyze.py reads external CSV files directly into the agent context.
    • Boundary markers: None. The skill does not use delimiters or instructions to ignore potential commands embedded in the data.
    • Capability inventory: The skill has file-read capabilities (pd.read_csv) and file-write capabilities (plt.savefig).
    • Sanitization: No escaping or validation of CSV content is performed before the summary is returned to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:50 PM