retention-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing external datasets that may contain malicious instructions.
  * Ingestion points: Untrusted data enters the agent context via 'load_data' methods in 'scripts/retention_analyzer.py' and 'scripts/survival_analyzer.py'.
  * Boundary markers: The skill does not implement delimiters or explicit instructions to ignore commands embedded within the analyzed data.
  * Capability inventory: The agent has access to 'Write' and 'Bash' tools, which are used to generate HTML reports and save visualization files.
  * Sanitization: Column names and data values are directly embedded into HTML reports via f-strings in 'export_retention_report' and 'export_report', allowing for the propagation of potentially malicious content.
Audit Metadata