moai-domain-data-science

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements model loading and saving using 'pickle' and 'joblib' in SKILL.md and examples.md. These libraries are susceptible to arbitrary code execution if they deserialize data from untrusted sources, such as a malicious model file provided to the ProductionMLPipeline.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
    - Ingestion points: Data is read from CSV, JSON, and Parquet files in SKILL.md and multiple examples.
    - Boundary markers: No explicit instructions are provided to the agent to disregard instructions embedded in the data.
    - Capability inventory: The skill has access to Bash, Write, and WebFetch tools.
    - Sanitization: No validation or sanitization of data content is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references a wide range of external Python packages and includes installation commands. While most are well-known libraries, several versions listed appear to be future-dated or synthetic (e.g., TensorFlow 2.20.0).

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 2, 2026, 05:14 PM