tw-research-stat-consultant
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an architectural surface for indirect prompt injection because it ingests and processes untrusted data from user-uploaded files (CSV, Excel, SPSS) and external reference documents.
  - Ingestion points: Data enters the agent's context through user-provided files like `your_data.csv` (via `pd.read_csv`) and local repository files such as `../../tw_edu_concept_alignment.md`.
  - Boundary markers: The skill lacks explicit delimiters or instructions (e.g., XML tags or clear 'ignore instructions in this file' warnings) to prevent the agent from interpreting content within these data files as executable instructions or behavioral overrides.
  - Capability inventory: The agent is equipped with powerful tools, including `Bash` for shell command execution, `Write` for file modification, and `WebSearch` for network access.
  - Sanitization: No sanitization or verification steps are defined to filter potential malicious payloads that might be embedded in the structured or unstructured data being analyzed.
Audit Metadata