df-basic-stats
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands for dependency installation and running the analysis script. These are standard operations for the skill's purpose. \n- [EXTERNAL_DOWNLOADS]: The skill downloads well-known libraries (pandas, numpy, matplotlib, ydata-profiling) from the official PyPI registry, which is a trusted source. \n- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes external data and generates a report for the agent to interpret. \n
- Ingestion points: The
load_dataframefunction inscripts/compute_stats.pyreads user-provided files (CSV, Excel, Parquet, JSON, etc.). \n - Boundary markers: The generated Markdown report does not use specific delimiters or instructions to isolate data content from the agent's logic. \n
- Capability inventory: The skill has the ability to read local files, write reports, and generate distribution charts on the file system. \n
- Sanitization: Data content from input files is formatted into the report without explicit sanitization against potential instructions embedded in the data.
Audit Metadata