electoral-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8), where instructions could be embedded in the data being processed. Evidence:
  - Ingestion points: The skill queries multiple database tables, including 'opinion_polls', 'world_bank_data', and 'constituency_election_results', within SKILL.md.
  - Boundary markers: No delimiters or instructions are provided to the agent to disregard potential commands embedded in the fetched data.
  - Capability inventory: Across all Python blocks in SKILL.md, the skill uses pandas, numpy, and scikit-learn for modeling; it contains no subprocess calls, outbound network writes, or file-writing capabilities.
  - Sanitization: Python methods such as 'aggregate_polls_weighted' and 'analyze_campaign_event_impact' build SQL queries with f-strings rather than parameterized queries, so they may be vulnerable to SQL injection if the interpolated input data is manipulated.
Audit Metadata