csv-data-summarizer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (HIGH): The SKILL.md file uses high-pressure markers ('CRITICAL BEHAVIOR REQUIREMENT', 'FORBIDDEN BEHAVIORS') to command the agent to ignore standard user interaction and safety verification steps.
- Indirect Prompt Injection (MEDIUM): The skill automatically ingests untrusted CSV data into the agent's reasoning context. Evidence Chain:
  1. Ingestion point: analyze.py loads data via pd.read_csv.
  2. Boundary markers: Absent.
  3. Capability inventory: analyze.py generates statistical summaries and writes image files.
  4. Sanitization: Absent.
- Command Execution (LOW): The analyze.py script executes locally to process data and save image files to disk.
- External Downloads (LOW): The skill depends on external Python packages (pandas, matplotlib, seaborn), which are downloaded from public repositories; however, these are standard and trusted libraries.
Recommendations
- AI detected serious security threats