NYC

polars

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect prompt injection risk surface identified. Evidence Chain: (1) Ingestion points: 'pl.read_csv', 'pl.scan_csv', 'pl.read_parquet', and 'pl.read_json' in SKILL.md. (2) Boundary markers: Absent from all data ingestion examples. (3) Capability inventory: File-write operations via 'pl.write_csv', 'pl.write_parquet', and 'pl.write_json' in SKILL.md. (4) Sanitization: No sanitization, validation, or escaping of external content is demonstrated. The high severity reflects the combination of untrusted external content ingestion and decision-making capabilities that have external side effects (file writes).
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install the 'polars' package. As the 'pola-rs' organization is not included in the 'Trusted GitHub Organizations' list, this finding is classified as MEDIUM severity per the audit framework's reliance on strict trusted source verification.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:07 AM