data-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes a prompt improvement hook (
improve-prompt.py) that implements a bypass character (*). This allows users to explicitly skip the refinement process. This is an intended functional feature for user convenience and does not constitute a malicious attempt to subvert agent safety protocols. - [COMMAND_EXECUTION]: A Python script
improve-prompt.pyis provided as a pre-processing hook. The script processes user prompts by escaping special characters (backslashes and quotes) before embedding them into an evaluation template, which mitigates simple injection attacks during the refinement phase. - [DATA_EXFILTRATION]: The skill provides detailed workflows for processing various data formats (CSV, PDF, Excel, etc.). It explicitly mandates a 'Security Probe' step that limits data ingestion to metadata and small samples (e.g., 5 rows), which is a best practice for preventing data leakage and token overflow issues.
- [EXTERNAL_DOWNLOADS]: The skill documentation references several standard, well-known data science libraries such as
pandas,numpy,scikit-learn,matplotlib,seaborn,plotly,tensorflow, andpytorch. These are trusted industry-standard packages.
Audit Metadata