csv-summarizer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and summarize external CSV data, which is an untrusted source.
  - Ingestion points: CSV files provided by users or external systems.
  - Boundary markers: No delimiters or instructions are specified to prevent the agent from following commands embedded within the data.
  - Capability inventory: Statistical analysis, trend identification, and report generation which influence reasoning and decision-making.
  - Sanitization: No validation or sanitization of the input content is mentioned.
- [Unverifiable Dependencies] (LOW): The skill references several common Python and Node.js libraries (e.g., pandas, matplotlib, csv-parse) without specifying versions. This allows for potential dependency confusion or the use of vulnerable versions if not managed by the environment.