econ-visualization
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface related to processing external, untrusted data.
  - Ingestion points: The skill is designed to read and process local datasets (e.g., 'data.csv' as seen in index.md/SKILL.md) provided by the user.
  - Boundary markers: Absent. There are no instructions to the agent to treat dataset content purely as data or to ignore embedded natural language instructions within the data.
  - Capability inventory: The skill generates executable R and Python code (using subprocess calls or code blocks) to perform data transformations and visualization.
  - Sanitization: Absent. The instructions do not include steps to sanitize data or validate headers/content against a schema before generating code.
- [Unverifiable Dependencies] (LOW): The skill recommends standard, well-known libraries (tidyverse, ggplot2, matplotlib, seaborn). While these are from trusted ecosystems, they are listed without version pinning, which is a minor best-practice violation.