statistics-math
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the skill or documentation.
- [Data Exposure & Exfiltration] (SAFE): No patterns of accessing sensitive file paths or performing unauthorized network operations were detected.
- [Obfuscation] (SAFE): No hidden, encoded, or obfuscated content such as Base64 blocks or zero-width characters was found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill utilizes well-known, trusted data science libraries (NumPy, SciPy, pandas) and does not perform any remote script downloads or runtime package installations.
- [Privilege Escalation] (SAFE): There are no commands that attempt to gain elevated privileges or modify system-wide permissions.
- [Persistence Mechanisms] (SAFE): No mechanisms for maintaining persistent access, such as shell profile modifications or scheduled tasks, were identified.
- [Metadata Poisoning] (SAFE): The metadata is accurate, transparent, and contains no hidden malicious instructions.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process external numerical data, the risk is mitigated by the lack of write operations, network access, or side-effect capabilities.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic-gated or time-delayed malicious triggers were found in the codebase.
- [Dynamic Execution] (SAFE): The skill uses safe configuration loading (yaml.safe_load) and avoids dangerous dynamic evaluation functions like eval() or unsafe deserialization.
Audit Metadata