sklearn-pipeline-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill requests permissions for Bash(python:*) and Bash(pip:*). While consistent with the purpose of training machine learning models and installing dependencies like scikit-learn, these are high-privilege capabilities that allow the agent to execute any code or install any package from external registries like PyPI.
- PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection (Category 8) as it takes user instructions to generate and execute code without documented sanitization.
- Ingestion points: User prompts and machine learning task descriptions entered into the agent context.
- Boundary markers (absent): No delimiters or specific 'ignore instructions' warnings are provided to prevent the agent from obeying instructions embedded in user-provided data.
- Capability inventory: Broad access to the file system (Read, Write, Edit) and command execution (Python, Pip).
- Sanitization (absent): The skill does not define any mechanisms for validating or escaping external content before it is used in code generation or execution steps.
Audit Metadata