retention-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill presents a significant attack surface for Indirect Prompt Injection (Category 8) because it processes untrusted external data.
      • Ingestion points: Data is ingested via the load_data methods described in examples/basic_retention.py.
      • Boundary markers: No delimiters or safety instructions are defined to separate untrusted data from the instruction context.
      • Capability inventory: The skill definition in SKILL.md grants high-privilege access to Bash, Write, Edit, Read, Grep, and Glob tools.
      • Sanitization: There is no evidence of sanitization or input validation for ingested datasets, allowing potential attackers to embed malicious instructions.
  • [COMMAND_EXECUTION] (MEDIUM): The skill explicitly requests the Bash tool in SKILL.md, which is a powerful capability that escalates the potential severity of prompt injection or data-driven attacks.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of standard Python libraries (pandas, numpy, matplotlib, seaborn, scikit-learn, and lifelines) from trusted repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:39 AM