cohort-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied data files (CSV, Excel, JSON), which provides a surface for indirect prompt injection. 1. Ingestion points: Step 1 and the usage examples describe reading various file formats. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are included in the prompt. 3. Capability inventory: The skill generates Python analysis scripts and reads/validates local data files. 4. Sanitization: No explicit sanitization or validation of data content is mentioned.
- [DYNAMIC_EXECUTION]: The skill includes functionality to generate Python scripts for statistical analysis and visualization. Evidence: Step 2 and Step 6 explicitly mention generating pandas and numpy code. Context: This activity is a core feature of the analysis tool and is considered low risk for this use case.
Audit Metadata