data-aggregation

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from untrusted external sources (GitHub commits, App Store reports, and Skillz events), which creates an attack surface for indirect prompt injection. If an agent processes the aggregated output without proper sanitization, malicious content embedded in the source data could influence its behavior.
    • Ingestion points: The scripts scripts/aggregate_sales.py, scripts/aggregate_commits.py, and scripts/aggregate_events.py read data from files or directories supplied by the user.
    • Boundary markers: No delimiters or instructions to ignore embedded commands are included in the data processing logic or the script outputs.
    • Capability inventory: The scripts are limited to reading from and writing to the local file system (using --input and --output arguments); no network access or arbitrary command execution capabilities are implemented.
    • Sanitization: The scripts perform type casting for numeric fields but do not sanitize or validate string content within the processed data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:24 AM