skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/data-profiler/Gen Agent Trust Hub
data-profiler
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes and summarizes potentially untrusted data from external files (CSV, Excel, JSON).
- Ingestion points: User-provided data files are ingested using the pandas library as described in SKILL.md.
- Boundary markers: The instructions and code do not implement specific delimiters or warnings to isolate processed data content from the agent's internal instruction set.
- Capability inventory: The skill has filesystem access to read and write data files; however, it lacks network access or the ability to execute system commands.
- Sanitization: Data content is analyzed and reported (including top values and patterns) without filtering or escaping to prevent embedded instructions from influencing the agent.
- [EXTERNAL_DOWNLOADS]: The skill identifies dependencies on standard, well-known Python packages for data analysis.
- Evidence: The SKILL.md documentation specifies the requirement for pandas and numpy libraries.
Audit Metadata