Skills
skills/hack23/riksdagsmonitor/electoral-analysis/Gen Agent Trust Hub

electoral-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python implementation in SKILL.md uses f-string interpolation to construct SQL queries, notably in the aggregate_polls_weighted and analyze_campaign_event_impact methods. This practice can lead to SQL injection vulnerabilities if parameters like lookback_days or event_date are derived from unsanitized user input.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it processes untrusted data from external database tables.
  • Ingestion points: The skill reads from opinion_polls, world_bank_data, and current_government_status tables using pandas.read_sql in SKILL.md.
  • Boundary markers: There are no delimiters or 'ignore' instructions used when the agent processes the results of these database queries.
  • Capability inventory: The skill executes database reads and performs complex statistical analysis/regressions via Python.
  • Sanitization: The skill lacks validation or sanitization logic for the data retrieved from the database before it influences the model's output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 11:07 PM