csv-data-summarizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill contains aggressive instructions designed to override the agent's default conversational behavior. Evidence: Phrases like 'CRITICAL BEHAVIOR REQUIREMENT', 'DO NOT ASK THE USER WHAT THEY WANT', and 'FORBIDDEN BEHAVIORS' are used to force immediate execution without user confirmation or typical safety checks.
- Indirect Prompt Injection (LOW): The skill processes untrusted CSV files without sanitization or explicit boundary markers. Evidence Chain: 1. Ingestion points: CSV data processed via the summarize_csv(file_path) function. 2. Boundary markers: Absent; there are no delimiters defined to separate data from instructions. 3. Capability inventory: The skill uses Python, pandas, and matplotlib to execute logic and generate visualizations based on data content. 4. Sanitization: Absent; no mention of escaping or validating CSV content before processing.
Audit Metadata