ab-test-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions require the agent to generate and run Python scripts to perform statistical tests (z-test, chi-squared) and calculate metrics like p-values and confidence intervals based on user input or data files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to ingest and process untrusted data from external files (CSV, Excel, or analytics exports) which could contain hidden instructions intended to manipulate the agent's behavior or the generated Python scripts.
      • Ingestion points: External data files (CSV, Excel, analytics exports) referenced in the 'Context' section of SKILL.md.
      • Boundary markers: None identified. The prompt does not include delimiters or instructions to ignore embedded commands within the data files.
      • Capability inventory: The skill has the capability to generate and execute Python scripts (via the agent's runtime) to process the ingested data.
      • Sanitization: No sanitization or validation logic for the content of the data files is specified in the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 05:02 AM