scikit-learn
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION)
Full Analysis
- [DYNAMIC_EXECUTION] (MEDIUM): The file scripts/classification_pipeline.py utilizes joblib.dump for model persistence. While saving a model is generally safe, the joblib library (similar to pickle) is inherently insecure when loading files from untrusted sources, as it can be leveraged to execute arbitrary code during deserialization.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process external datasets for training and analysis (e.g., in classification_pipeline.py and clustering_analysis.py).
  - Ingestion points: Dataframes and feature matrices passed to the training and clustering functions.
  - Boundary markers: None identified; the scripts assume well-formatted data for scikit-learn.
  - Capability inventory: Local file writes for plots (.png) and models (.pkl). No network or system command capabilities.
  - Sanitization: Standard preprocessing (scaling, imputation) is present, but no security-focused validation of data content is performed.
  - Assessment: The vulnerability surface is limited because the skill lacks high-privilege capabilities like network access or arbitrary command execution, but malicious data could still influence downstream agent reasoning.
Audit Metadata