ltv-predictor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious behavior detected. The skill is designed for ecommerce and retail analytics.
- [Data Processing] (SAFE): The tool processes local CSV data files using established libraries like pandas and scikit-learn. It performs feature engineering and regression modeling as documented without suspicious data access or exfiltration.
- [Dependencies] (SAFE): All identified dependencies (pandas, scikit-learn, etc.) are standard, verifiable packages from the PyPI registry. The inclusion of Flask is consistent with the documented ability to start a local API server for predictions.
- [Indirect Prompt Injection] (SAFE): Although the skill ingests untrusted CSV data which constitutes a theoretical attack surface, its primary purpose is numerical regression rather than feeding text back into an LLM prompt. No exploitable interpolation patterns were found in the provided examples.
- [Capabilities] (SAFE): The permissions requested in SKILL.md (Bash, Write, Read) are appropriate for its core functions, such as installing packages, executing training scripts, and generating report files (HTML, Excel, Markdown).
Audit Metadata