csv-data-summarizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The SKILL.md file contains 'CRITICAL BEHAVIOR REQUIREMENT' blocks using aggressive language ('DO NOT ASK', 'JUST DO IT') designed to force the agent to bypass standard conversational protocols and user confirmation.
- Indirect Prompt Injection (LOW): The skill processes untrusted external CSV data which could be used to influence agent output. 1. Ingestion points: analyze.py (line 15) uses pd.read_csv() on user-supplied files. 2. Boundary markers: Absent. The skill does not implement delimiters or 'ignore instructions' warnings for the processed data. 3. Capability inventory: Local file reading (pd.read_csv), local file writing (plt.savefig), and console output. 4. Sanitization: Absent. Data is processed directly by pandas without content validation.
Audit Metadata