ds-brain
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the system shell to execute a local Python script, ds_utils.py, for processing complex datasets from marketing and financial platforms. Additionally, it uses shell commands to read local context files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from multiple external APIs to generate strategic recommendations.
  - Ingestion points: Data is fetched from external platforms (Google Ads, Search Console, GA4, Stripe) through an MCP tool.
  - Boundary markers: The skill lacks explicit instructions or delimiters to isolate untrusted data and prevent the LLM from following instructions embedded within the fetched content.
  - Capability inventory: The skill can read local files and execute a local Python script.
  - Sanitization: While the ds_utils.py script performs data processing, there is no evidence of sanitization specifically targeting potential instructions within the text fields of the ingested data.
Audit Metadata