rfm-customer-segmentation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted CSV data and processes it using high-privilege tools (Bash, Write). Malicious content in the CSV could influence agent behavior or lead to code execution via the agent's logic. Evidence:
    1. Ingestion points: SKILL.md instructions for loading transaction CSV data.
    2. Boundary markers: Absent; no delimiters are defined.
    3. Capability inventory: Bash, Write, Read, and Glob tools are allowed.
    4. Sanitization: Absent; no validation or escaping of data fields is mentioned.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill references missing scripts (core_analysis.py, visualization.py, report_generator.py) and uses unpinned version ranges (>=) for packages outside the trusted scope, posing a supply chain and verification risk.
  • Dynamic Execution (MEDIUM): The examples/basic_usage.md file promotes executing dynamically constructed Python code strings via python -c, which is a high-risk pattern when combined with external data ingestion.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:01 AM