pandas-coder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to instructions embedded in processed data files.
  * Ingestion points: pd.read_csv() and pd.read_parquet() calls in SKILL.md.
  * Boundary markers: None (Absent).
  * Capability inventory: Access to Write, Edit, and Bash tools.
  * Sanitization: None (Absent).
- [Dynamic Execution] (MEDIUM): The skill promotes the use of df.query(), which evaluates strings as Python expressions. This is an expression-injection vector if the input strings are not strictly validated.
Recommendations
- AI detected serious security threats
Audit Metadata