data-type-converter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data formats including JSON, CSV, XML, YAML, and TOML, creating a surface for embedded instructions.
- Ingestion points: Data is ingested via the
load,convert, andconvert_stringmethods inscripts/data_converter.py. - Boundary markers: No delimiters or explicit instructions to ignore embedded content are documented.
- Capability inventory: The skill performs file system read and write operations using
pandasand various serialization libraries. - Sanitization: No sanitization, validation, or schema enforcement is mentioned for the external content being processed.
- [Dynamic Execution] (LOW): The skill relies on
pyyamlandxmltodictfor parsing. While essential for the primary purpose of format conversion, these libraries can be vulnerable to unsafe deserialization (YAML) or XXE (XML) if not configured correctly. The severity is low as this is the primary intended function of the skill.
Audit Metadata