data-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill metadata (SKILL.md) and workflow instructions explicitly allow and encourage the use of the pickle module for loading data and saving results. Since the pickle module is notoriously unsafe and allows for arbitrary code execution during deserialization, an attacker providing a malicious .pkl file as the data source could achieve code execution on the system running the agent.
- PROMPT_INJECTION (LOW): The skill is designed to ingest untrusted external data (CSV, JSON, Pickle) as specified in the input arguments ($0). This creates a surface for Indirect Prompt Injection where malicious instructions embedded in the data files could influence the agent's behavior during the '4-Round Code Review' process or results interpretation.
- SAFE (SAFE): The provided Python scripts (stat_summary.py and format_pvalue.py) are well-structured and do not contain hidden backdoors, network exfiltration, or obfuscated code. They rely on standard libraries and common data science packages.
Audit Metadata