funnel-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill's code and instructions were audited for malicious patterns, and no security issues were detected.
- [EXTERNAL_DOWNLOADS]: The skill requires standard data analysis libraries including pandas, plotly, matplotlib, numpy, and seaborn from official package registries. These are well-known, trusted dependencies for data processing and visualization.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests user-provided data such as column names and user journey metrics and reflects them into HTML reports and automated insights without sanitization. However, this behavior is a direct consequence of its primary purpose as an analysis and reporting tool.
  - Ingestion points: Data enters through the load_data and define_steps methods in scripts/funnel_analyzer.py.
  - Boundary markers: No specific delimiters or warnings are used to isolate untrusted data in the generated reports.
  - Capability inventory: The skill uses file-writing capabilities to save HTML reports and Plotly figures locally.
  - Sanitization: No explicit sanitization or escaping for user-supplied strings was found in the reporting logic.
Audit Metadata