parquet-coder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill enables an agent to ingest untrusted external data which can then be coupled with sensitive execution tools.
  1. Ingestion points: Functions like pd.read_parquet, pq.read_table, pd.read_csv, and pd.read_json in SKILL.md are documented for loading external data.
  2. Boundary markers: No delimiters or safety instructions are provided to separate data from instructions.
  3. Capability inventory: The skill allows powerful tools including Bash, Write, Edit, Grep, Glob, and Read in its YAML frontmatter.
  4. Sanitization: There is no evidence of data sanitization or validation before the agent acts on the contents of the processed files.
- [External Downloads] (LOW): The skill refers to standard data science libraries including pandas, pyarrow, and deltalake. These are trusted dependencies but contribute to the overall capability of the skill to process complex external formats.
Recommendations
- AI detected serious security threats