csv-data-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it is designed to automatically ingest and analyze untrusted data from CSV files.
- Ingestion points: The skill processes user-uploaded or referenced CSV files via the `summarize_csv` function.
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings for the agent to distinguish between its own instructions and the data within the CSV.
- Capability inventory: The skill utilizes Python execution (pandas, matplotlib, seaborn) and is instructed to generate "Actionable insights" based on the data, which could lead the LLM to follow instructions embedded in CSV cells.
- Sanitization: Absent. There are no requirements to sanitize or validate the CSV headers or content before processing.
- [Command Execution] (SAFE): The skill utilizes a local script `scripts/analyze.py` for data processing. While this involves code execution, it uses standard, well-known libraries (pandas, matplotlib) for its primary purpose.
- [Prompt Injection] (SAFE): The 'CRITICAL BEHAVIOR REQUIREMENT' and 'DO NOT ASK' directives are used here as a UX design pattern to ensure immediate analysis rather than as an attempt to bypass system safety filters.
Audit Metadata