growth-model-analyzer
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
UpliftModeler.load_modelmethod inscripts/uplift_modeling.pyusesjoblib.load(). This function is known to be unsafe for loading data from untrusted sources as it can lead to arbitrary code execution through malicious pickle data. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: Data enters via
GrowthModelAnalyzer.load_datainscripts/growth_analyzer.pywhich reads CSV and Excel files. Boundary markers: No delimiters or 'ignore' instructions are used during data interpolation. Capability inventory: The skill includes file reading and writing capabilities and unsafe deserialization viajoblib.load. Sanitization: There is no evidence of input validation or escaping for the ingested data.
Audit Metadata