vaex
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process external data from various file formats (CSV, HDF5, Parquet, Arrow). This creates a surface for indirect prompt injection if the processed data contains malicious natural language instructions intended to influence the agent's logic.
- Ingestion points:
vaex.open(),vaex.from_csv(), andvaex.from_pandas()inreferences/core_dataframes.md. - Boundary markers: Absent. The skill does not provide specific delimiters or 'ignore' instructions for the agent when reading external content.
- Capability inventory: File system read/write (
export_hdf5), data manipulation, and statistical computation. - Sanitization: Absent. Data is loaded and processed directly using standard library functions without content validation.
- [Dependencies] (SAFE): The skill references standard, well-maintained data science libraries including
vaex,pandas,numpy, andpyarrow. These are used for their intended purposes. - [Data Exposure & Exfiltration] (SAFE): While the skill accesses the local file system for data processing, there are no patterns suggesting unauthorized exfiltration or access to sensitive system paths (e.g.,
.ssh,.aws).
Audit Metadata