data-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes external CSV and JSON files, creating a surface where malicious data could influence the agent's analysis or interpreted results.
  - Ingestion points: Data enters through load_data() in scripts/stat_summary.py and csv.DictReader in scripts/format_pvalue.py.
  - Boundary markers: Absent (the scripts do not use delimiters or instructions to prevent processing of embedded directives in data).
  - Capability inventory: The skill generates and runs Python code and performs file-write operations (--output).
  - Sanitization: None (the scripts do not sanitize column headers or cell values before processing).
- Dynamic Execution (LOW): The skill instructions and whitelist explicitly allow the pickle module for saving results.
  - Evidence: SKILL.md lists pickle under 'Allowed Packages' and suggests its use in the workflow for saving additional results.
  - Risk: While common in data science, loading unauthenticated pickle data is an unsafe deserialization practice that can lead to arbitrary code execution.
Audit Metadata