text-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core data processing workflow.
- Ingestion points: The skill reads and analyzes raw text documents provided by the user in the 'data/raw/' directory (noted in phases/phase1-corpus.md and phases/phase3-analysis.md).
- Boundary markers: No explicit delimiters or system instructions are defined to ensure the agent ignores instructions embedded within the corpus data.
- Capability inventory: The agent has the capability to generate and execute R/Python scripts, perform shell operations via git (SKILL.md), and write files to the local system.
- Sanitization: The skill does not implement sanitization or filtering of input text to detect or neutralize malicious instructions.
- [COMMAND_EXECUTION]: The skill uses shell commands for project management and environment setup.
- SKILL.md and phases/phase5-output.md describe using 'git add' and 'git commit' to manage the analysis workflow.
- Technique guides instruct the installation of packages using 'pip install' and 'install.packages()', as well as downloading model data via 'python -m spacy download'.
- [EXTERNAL_DOWNLOADS]: The skill references and downloads external datasets and software dependencies.
- python-techniques/02_dictionary_sentiment.md contains a function to load the NRC Emotion Lexicon from saifmohammad.com.
- R guides utilize the 'textdata' package to download standard sentiment lexicons like AFINN and NRC.
- Guidance includes downloading data for NLTK (nltk.download) and spaCy models (en_core_web_sm).
Audit Metadata