csv-processor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates a vulnerability surface by processing external, potentially untrusted CSV data while having access to sensitive tools.
- Ingestion points: CSV files or data patterns described in the description and triggers.
- Boundary markers: Absent. The skill does not provide instructions to the agent to distinguish between user commands and data-embedded instructions.
- Capability inventory: Includes 'Bash', 'Write', 'Edit', and 'Read' tools.
- Sanitization: No sanitization or validation logic is defined to inspect data before processing.
- No Code (SAFE): No executable scripts, binaries, or obfuscated payloads are included in the skill package.
Audit Metadata