data-science-eda
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill identifies a significant attack surface through the processing of external datasets.
- Ingestion points: Untrusted data enters the context via
pl.read_parquet("data.parquet")inSKILL.mdand through various data loading examples inreferences/large-dataset-eda.md. - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious content embedded within datasets.
- Capability inventory: The skill can write files (
profile.to_file("profile_report.html")), generate interactive HTML via Plotly/Altair, and run dashboarding servers (Streamlit/Dash). - Sanitization: Absent. There is no evidence of validation or sanitization of data values before they are profiled or visualized, which could lead to agent manipulation or downstream XSS risks.
- Dynamic Execution (MEDIUM): In
references/streamlit-advanced.md, the skill demonstrates the use ofpickle.load()for loading model files. Usingpickleon untrusted data is a well-known vulnerability that can lead to arbitrary code execution. - External Downloads (LOW): Several reference files (e.g.,
references/notebook-testing.md,references/sharing-publishing.md) suggest installing third-party packages likenbval,voila, andstreamlit-aggridviapip. While these are established libraries, they expand the dependency risk surface.
Audit Metadata