data-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection because it combines data ingestion with high-privilege capabilities.
  - Ingestion points: Processes external data from data.csv using the pandas library as shown in Phase 1.
  - Boundary markers: No delimiters or instructions are present to prevent the agent from interpreting data content as instructions.
  - Capability inventory: The skill explicitly requests the bash and file_write tools in its metadata.
  - Sanitization: There is no evidence of input validation or sanitization to filter malicious strings within the CSV data.
- COMMAND_EXECUTION (MEDIUM): The skill metadata requests the bash tool. This provides the agent with the ability to execute arbitrary shell commands, which significantly escalates the potential impact of an injection attack originating from the analyzed data.
Recommendations
- AI detected serious security threats
Audit Metadata