shap
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill ingests untrusted data such as feature names and values from user-provided datasets and interpolates them into visual plots and textual summaries without explicit sanitization.
  - Ingestion points: Dataset variables (e.g., X_test) and model inputs referenced in SKILL.md and references/workflows.md.
  - Boundary markers: Absent.
  - Capability inventory: Generation of visualizations via Matplotlib, logging to MLflow, and standard console output.
  - Sanitization: No validation or escaping of external content before processing.
- [COMMAND_EXECUTION]: Potential for arbitrary code execution via unsafe deserialization. The production deployment workflow in references/workflows.md uses joblib.load() to deserialize model and explainer objects from local file paths; joblib.load() is pickle-based, so loading a file from an untrusted source can execute arbitrary code during deserialization.