regression-analysis-modeling
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core function of processing untrusted data with privileged tools.
  - Ingestion points: The skill reads user-provided CSV files (e.g., data.csv, housing_data.csv) as described in README.md and SKILL.md.
  - Boundary markers: No delimiters or instructions are provided to the agent to treat CSV headers or content as non-executable data.
  - Capability inventory: The skill is granted the 'Bash', 'Write', and 'Glob' tools in SKILL.md, allowing file modification and shell command execution.
  - Sanitization: No sanitization or validation of external input is evident before it is used for 'business insights' and reporting.
- COMMAND_EXECUTION (HIGH): The skill explicitly allows 'Bash' tool access. In the context of an agent interpreting untrusted CSV content, this provides a direct vector for code execution if a malicious prompt is embedded in a data column.
- EXTERNAL_DOWNLOADS (LOW): The requirements.txt file lists standard data science libraries (pandas, scikit-learn, etc.). While these are external dependencies (normally MEDIUM), they are from trusted registries and downgraded per [TRUST-SCOPE-RULE].
- INFO (LOW): Missing Source Files. The package documentation references core_regression.py, feature_engineering.py, model_evaluation.py, and prediction_visualizer.py, but these files were not provided in the source for analysis.
Recommendations
- AI detected serious security threats