data-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): High-risk surface detected. The skill ingests untrusted data from files (CSV, JSON, Excel) and possesses BashRun and FsWrite capabilities. Ingestion points: pd.read_csv, pd.read_json, and pd.read_excel in SKILL.md and template scripts. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are present. Capability inventory: Uses BashRun to execute dynamically generated Python scripts and FsWrite to modify the filesystem. Sanitization: Absent; no evidence of data sanitization before processing.
- Data Exposure (HIGH): Documentation suggests reading from and writing to sensitive locations like $KODE_USER_DIR/.memory/facts/ and $KODE_USER_DIR/.knowledge/docs.
- External Downloads (MEDIUM): Installs third-party packages via setup.sh and requirements.txt.
- Dynamic Execution (MEDIUM): Workflow involves generating and running Python scripts at runtime via the BashRun tool.
Recommendations
- AI detected serious security threats
Audit Metadata