cohort-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected.
- Ingestion points: The skill ingests untrusted data from user-provided files such as data.csv, users.csv, and transactions.csv during analysis and reporting commands.
- Boundary markers: No explicit boundary markers or delimiters are defined in the instructions to help the agent distinguish between data and embedded instructions.
- Capability inventory: The skill possesses the capability to execute a local Python script (scripts/main.py) and generate HTML reports.
- Sanitization: No input sanitization or validation logic is evident in the provided files to mitigate malicious instructions embedded in the source data.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill uses standard, trustworthy Python libraries including pandas, plotly, and click, which are commonly used for data analysis.
- [COMMAND_EXECUTION] (SAFE): The command execution patterns are limited to running local scripts for data processing and report generation, which aligns with the skill's stated purpose.
Audit Metadata