Skills
skills/davila7/claude-code-templates/exploratory-data-analysis/Gen Agent Trust Hub

exploratory-data-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The template is designed to interpolate external data into a report format, creating a surface for indirect prompt injection if the source data is attacker-controlled.
  • Ingestion points: Placeholders such as {FILENAME}, {DATA_STRUCTURE_OVERVIEW}, and {PATTERNS_FINDING} in assets/report_template.md are intended to be replaced with content from analyzed files.
  • Boundary markers: The template uses some markdown code blocks for JSON data, but many fields are interpolated directly into prose, providing no clear separation between instructions and data.
  • Capability inventory: No active capabilities exist within the template file itself.
  • Sanitization: The template does not include or enforce any sanitization or escaping of the interpolated content.
  • [Data Exposure & Exfiltration] (LOW): The template explicitly requests the exposure of system-level metadata and paths.
  • Evidence: The use of {FILEPATH} and {COMPLETE_METADATA} in assets/report_template.md will reveal local directory structures and full file metadata to the report recipient, which may constitute unintended data exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:43 PM