skills/jeremylongshore/claude-code-plugins-plus-skills/forecasting-time-series-data/Gen Agent Trust Hub
forecasting-time-series-data
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration in SKILL.md requests the Bash(cmd:*) tool. This provides the agent with unrestricted shell access. While typically used for data analysis tasks, this permission level represents a significant security surface if the agent is misled or compromised.
- [PROMPT_INJECTION]: The skill is designed to ingest external datasets for analysis, creating an indirect prompt injection surface.
- Ingestion points: Data provided via the assets/example_data.csv or user-specified CSV/JSON files.
- Boundary markers: Absent; no logic exists in the provided templates to distinguish between data values and potential instructions.
- Capability inventory: Broad access including Bash, Write, and Edit tools across all scripts.
- Sanitization: None; the scripts are currently placeholders and do not validate input data.
- [NO_CODE]: The files scripts/preprocess.py, scripts/forecast.py, and scripts/evaluate.py are non-functional templates. They do not implement the logic described in the skill's metadata and README files, such as handling missing values, performing ARIMA forecasting, or calculating metrics like RMSE.
Audit Metadata