data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data formats like CSV, JSON, and SQL query results.
- Ingestion points: Data is loaded from external files (e.g., 'data.csv') and database tables via the 'Read' tool and Python's pandas library as seen in SKILL.md.
- Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore instructions that might be embedded within the data content.
- Capability inventory: The skill utilizes the 'Bash' tool and a Python environment capable of file operations (e.g., saving plots) and system commands.
- Sanitization: No data validation or sanitization logic is present to filter out potentially malicious strings from the input datasets.
Audit Metadata