usgs-produced-waters
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches geochemical data from the official USGS ScienceBase repository (sciencebase.gov). These downloads are necessary for the skill's primary function and target a well-known, trusted government service.
- [PROMPT_INJECTION]: The skill ingests large external datasets (CSV and Excel), which represents an indirect prompt injection surface where instructions potentially embedded in data records could influence agent behavior.
- Ingestion points: ScienceBase CSV and Excel files downloaded to the /tmp/ directory as specified in SKILL.md and python_example.py.
- Boundary markers: Absent; there are no explicit instructions to the agent to disregard instructions that might be contained within the data fields.
- Capability inventory: Network data retrieval, local file system writes (caching), and narrative analysis generation based on data content.
- Sanitization: Data is processed into numeric and text formats using standard libraries without specific sanitization of fields before they are used in narrative summaries.
Audit Metadata