data-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted external data.
- Ingestion points: Loading datasets via
pd.read_csvand other file/DB loaders as described in the instructions (SKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within datasets are provided.
- Capability inventory: Ability to execute Python code for data manipulation and visualization (SKILL.md).
- Sanitization: No explicit sanitization or validation of data content is mentioned.
- [COMMAND_EXECUTION] (SAFE): The skill generates Python code for its primary purpose of data analysis. No evidence of unauthorized shell command execution or malicious subprocess usage was detected.
- [EXTERNAL_DOWNLOADS] (SAFE): No unauthorized remote script execution or package installations. The libraries referenced (Pandas, Seaborn, Plotly, Matplotlib) are industry-standard and trusted.
Audit Metadata