splitting-datasets
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill operates by dynamically generating Python code based on user requests and then executing that code using the
Bashtool. This runtime code generation and execution is a core feature but inherently carries risk as the execution flow is determined at runtime. - [COMMAND_EXECUTION]: The skill requests and utilizes broad
Bash(cmd:*)permissions. This level of access allows for arbitrary command execution on the host system, which is used here to run the generated data processing scripts. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing nature.
- Ingestion points: The skill reads untrusted external data from files like 'my_data.csv' and 'large_dataset.csv' as described in
SKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to separate data content from instructions during processing.
- Capability inventory: The skill has high-privilege capabilities including
Bash(cmd:*),Read,Write, andEditpermissions, and it explicitly generates and runs code. - Sanitization: There is no evidence of sanitization or validation logic to prevent malicious instructions embedded within datasets from influencing the agent's behavior.
Audit Metadata