time-series-decomposer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains only functional instructions for time series decomposition and lacks any patterns suggesting intent to bypass safety filters or override system prompts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or suspicious network operations were identified. Data access is restricted to user-provided CSV files.
- [Unverifiable Dependencies] (SAFE): All listed dependencies (pandas, numpy, scipy, statsmodels, matplotlib) are well-known, reputable packages from the official Python Package Index (PyPI).
- [Indirect Prompt Injection] (LOW): The skill processes external data via CSV files. While this is an ingestion surface, the processing is handled by structured data libraries for mathematical analysis, presenting a negligible risk of malicious data influencing agent behavior.
- Ingestion points:
load_csvmethod ints_decomposer.py(referenced in SKILL.md). - Boundary markers: None explicitly defined in the API description.
- Capability inventory: File writing via
plot_componentsandplot_seasonal. - Sanitization: Relies on standard pandas CSV parsing which treats inputs as data values rather than instructions.
Audit Metadata