stata-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to run Stata in batch mode (e.g.,
stata -e do filename.do) and manages project history using Git (e.g.,git add,git commit). These operations are essential for the primary purpose of conducting and documenting reproducible research. - [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install community-contributed Stata packages (e.g.,
reghdfe,csdid,ivreg2) using the standardssc installcommand. These packages are fetched from the official Statistical Software Components (SSC) archive hosted by Boston College, which is the well-known, trusted registry for the Stata community. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads configuration data from
project.yamland processes external data files (CSV, Excel). If these files were to contain malicious instructions, they could theoretically influence the agent's behavior during the analysis phases. However, the risk is assessed as low as the skill is intended for use within a controlled research environment and the capabilities are limited to the user's local Stata installation.
Audit Metadata