csv-tools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted CSV and JSON data without sanitization or boundary markers.
- Ingestion points: The load_data function in 'scripts/query.py' reads data from file paths provided as input parameters.
- Boundary markers: No delimiters or instructions are used to distinguish data from instructions when the content is presented to the agent.
- Capability inventory: The script can read files (view, stats, filter, sort) and write files (convert) on the local file system.
- Sanitization: No escaping or validation is performed on the content of the files before they are processed or displayed.
- [DATA_EXFILTRATION]: The script uses 'os.path.expanduser' to resolve file paths, so a path beginning with '~' is expanded into the user's home directory; if the agent is instructed to do so, it can therefore read sensitive files there (such as SSH keys or credentials). It can also write or overwrite files on the local file system through the 'convert' action.
Audit Metadata