detecting-data-anomalies

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external datasets (CSV, JSON, etc.) which may contain embedded malicious instructions. There are no boundary markers or 'ignore' instructions to prevent the agent from following prompts hidden within the data.
  • Ingestion points: Data is loaded via the Read tool as described in SKILL.md and implementation.md.
  • Boundary markers: None are present in the skill instructions.
  • Capability inventory: The skill can execute Python code using Bash(python:*) and use Grep, Glob, and Read tools.
  • Sanitization: No sanitization or validation of input data is performed.
  • [COMMAND_EXECUTION]: The skill configuration allows the use of the Bash tool with python:* sub-commands. This is used to run scripts for algorithm selection (algorithm_selector.py), data loading (data_loader.py), visualization (anomaly_visualizer.py), and reporting (report_generator.py). While these scripts are currently templates with minimal functionality, the tool configuration allows for significant code execution capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:41 PM