csv-excel-merger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to ingest and process external files (CSV, Excel, TSV) which represents an attack surface for indirect prompt injection. However, the data is handled as structured input for programmatic manipulation rather than as natural language instructions for the LLM. Evidence: Step 1 and 2 (Ingestion points: input files); Capability inventory: file system access via pandas; Sanitization: not specified.
- Dynamic Execution (SAFE): The skill involves generating and suggesting Python code execution to the user to perform the data merge. Since this is the primary purpose of the skill and involves standard templates using known libraries, it is considered safe within the context of the skill's functionality. Evidence: Step 4 and 7 (Python/pandas script generation).
Audit Metadata