exploratory-data-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (CRITICAL): The skill documentation explicitly lists 'Pickle' as a supported data format. Deserializing untrusted Pickle data is a severe vulnerability that can lead to arbitrary code execution on the host system.
- Indirect Prompt Injection (HIGH): The skill processes untrusted datasets while possessing high-privilege execution capabilities. Ingestion points: Multiple file formats including CSV, JSON, and Pickle. Boundary markers: None defined to isolate data from instructions. Capability inventory: Execution of Python scripts via subprocess and file system access. Sanitization: No mention of input validation or content filtering.
- Remote Code Execution (MEDIUM): The skill executes local scripts via the shell (e.g., 'python scripts/eda_analyzer.py'). This pattern is vulnerable to command or argument injection if the data file paths or parameters are maliciously crafted and not properly sanitized.
Recommendations
- AI detected serious security threats
Audit Metadata