csv-wrangler

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted external data from CSV and Excel files, which creates a surface for indirect prompt injection.
      • Ingestion points: Functions such as detect_encoding, read_with_delimiter_detection, read_with_error_handling, and read_excel_smart in SKILL.md take file paths and ingest content from external files into the agent context.
      • Boundary markers: None present. Data from the CSV/Excel cells is read directly into memory and DataFrames without delimiters or 'ignore' instructions.
      • Capability inventory: The skill is primarily focused on data transformation and returns DataFrames or dictionaries. It does not perform network operations, file writes, or arbitrary command execution based on the ingested data.
      • Sanitization: The skill performs data cleaning (e.g., clean_numeric_column, clean_all_numeric), but this is for data integrity, not security sanitization against malicious instructions embedded in the cell content.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 08:58 PM