data-import
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified during the analysis of the skill body or metadata.- [COMMAND_EXECUTION]: The skill executes the local script competitor-tracker.py and interacts with various Model Context Protocol (MCP) servers to perform data imports. These operations are fundamental to its primary purpose and are protected by a mandatory user approval gate.- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface through the processing of untrusted data from external files and Google Sheets.
- Ingestion points: Step 2 (Parsing of CSV, JSON, and Google Sheets data).
- Boundary markers: No specific delimiters or instructions are specified to isolate data field content from the agent's internal reasoning.
- Capability inventory: Accesses local configuration files, executes specific local data scripts, and performs network writes to external APIs via MCP.
- Sanitization: The skill performs format and type validation (e.g., email and phone formatting), but does not implement specific measures to filter or sanitize potential LLM instructions embedded within data fields.
Audit Metadata