data-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads external datasets (CSV, RDS, DTA) and uses their structure and content to guide code generation without sanitizing the input or using strict boundary markers.
  - Ingestion points: Untrusted data enters the agent context via the `Read` tool based on user-provided dataset paths.
  - Boundary markers: The skill lacks explicit instructions to the AI to ignore potential commands embedded within the data files during code generation.
  - Capability inventory: The skill can write files and execute commands via `Write`, `Edit`, `Bash`, and `Task` tools.
  - Sanitization: No data validation or content filtering is implemented for the datasets being analyzed.
- [COMMAND_EXECUTION]: The skill dynamically generates and executes R code through shell tools like `Bash` and `Task`. While necessary for the skill's functionality, this provides a surface for executing unintended commands if the generated script is compromised.
Audit Metadata