Skills
skills/liangdabiao/claude-data-analysis-ultra/recommender-system/Gen Agent Trust Hub

recommender-system

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The load_model method in scripts/recommendation_engine.py uses pickle.load() to deserialize model data. This is a significant security risk because the pickle module can execute arbitrary code during the deserialization process. An attacker could provide a malicious model file that executes code when loaded by the user.\n- [PROMPT_INJECTION]: The skill processes external CSV data (e.g., user behaviors and item descriptions) and includes these fields in generated Markdown reports and visualizations without sanitization. This presents an indirect prompt injection surface if the output is processed by another AI agent.\n
  • Ingestion points: scripts/data_analyzer.py and scripts/recommendation_engine.py (via read_csv for behavioral and item data).\n
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the ingested data.\n
  • Capability inventory: The skill can perform file-write operations (CSV, JSON, PNG, Markdown) through its analysis and visualization scripts.\n
  • Sanitization: Absent; untrusted strings from data files are directly interpolated into report text and chart titles.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 05:33 AM