data-analysis
Fail
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill configuration and workflow (Step 1.7) explicitly support the Python 'pickle' module for data input and output. 'pickle.load()' is not a passive parser: a pickle stream is a small program that can instruct the loader to import any module and call any callable with attacker-chosen arguments, so deserializing data from an untrusted source with 'pickle.load()' executes arbitrary code in the agent's process. This is a critical vulnerability.
- [COMMAND_EXECUTION]: The skill ships several shell commands that run helper scripts ('stat_summary.py' and 'format_pvalue.py') and instructs the agent to generate, and potentially execute, custom Python analysis code, which grants broad code-execution capability on the host.
- [PROMPT_INJECTION]: The skill is designed to ingest data from external sources (Input $0), creating a surface for indirect prompt injection.
  * Ingestion points: the data source input ($0) and the 'load_data' function in 'scripts/stat_summary.py'.
  * Boundary markers: no delimiters separate untrusted data from the agent's instructions.
  * Capability inventory: the agent can execute shell scripts and generate code using potentially dangerous modules such as 'pickle'.
  * Sanitization: no sanitization or validation is performed on the external data before it is processed.
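The following is an added illustration of the REMOTE_CODE_EXECUTION finding and of the missing validation noted under PROMPT_INJECTION; it is example code written for this report, not code from the audited 'data-analysis' skill or from 'scripts/stat_summary.py'. It builds a constructed malicious pickle whose `__reduce__` makes the loader call `eval` (the same mechanism a real payload would use to reach `os.system`), shows that `pickle.loads` runs it, then shows two hardened alternatives: an allow-listing `Unpickler` subclass (the `RestrictedUnpickler` name and its allow-list are assumptions), and a JSON loader that validates record shape instead of accepting executable data at all.

```python
import io
import json
import pickle


class Payload:
    """Constructed malicious object. pickle does not store this class; it stores
    the instruction 'resolve builtins.eval and call it with this string'."""

    def __reduce__(self):
        # A real attacker would use os.system or subprocess here. eval of
        # getpid() keeps the demo benign while proving arbitrary code ran
        # inside the loading process.
        return (eval, ("__import__('os').getpid()",))


def build_malicious_pickle():
    """Bytes an attacker would plant in a 'data' file handed to the skill."""
    return pickle.dumps(Payload())


def unsafe_loads(data):
    """The pattern the audit flags: pickle.loads on untrusted bytes."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: only allow-listed globals may be resolved (assumed list).

    Plain containers and scalars (dict, list, str, int, float, ...) are built
    from opcodes that never reach find_class, so ordinary tabular data still
    loads; anything that needs an import is refused.
    """

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refused to resolve global {module}.{name} from untrusted pickle"
        )


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_records_json(text):
    """Preferred fix: accept a non-executable format and validate its shape.

    Expects a JSON array of flat objects whose values are numbers or strings,
    which is all a statistics helper needs. Booleans, nested objects and
    other types are rejected rather than passed through.
    """
    records = json.loads(text)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of records")
    for rec in records:
        if not isinstance(rec, dict):
            raise ValueError("each record must be a JSON object")
        for key, value in rec.items():
            if isinstance(value, bool) or not isinstance(value, (int, float, str)):
                raise ValueError(f"unsupported value type for {key!r}")
    return records


def demo():
    """Run all three loaders on the same inputs and report what happened."""
    malicious = build_malicious_pickle()
    benign = pickle.dumps({"group": ["a", "b"], "score": [1.5, 2.5]})

    pid = unsafe_loads(malicious)  # loader imports os and calls getpid()
    ran_under_unsafe = isinstance(pid, int) and pid > 0

    try:
        restricted_loads(malicious)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True

    benign_ok = restricted_loads(benign) == {"group": ["a", "b"], "score": [1.5, 2.5]}
    json_ok = load_records_json('[{"group": "a", "score": 1.5}]') == [
        {"group": "a", "score": 1.5}
    ]
    return ran_under_unsafe, blocked, benign_ok, json_ok


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

`demo()` returns four booleans: the unrestricted loader executed attacker-chosen code, the restricted loader refused the same bytes, the restricted loader still accepts a plain dict of lists, and the JSON path loads validated records. The restricted unpickler is a mitigation for code that cannot drop pickle; the JSON loader is the fix the audit's findings actually call for, since the skill only needs tabular data, not arbitrary Python objects.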
Recommendations
- AI detected serious security threats
Audit Metadata