mean-comparison-test
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user-provided CSV and Excel files and interpolates their contents (such as column names) into a Markdown report, which represents an indirect prompt injection surface.
  - Ingestion points: User data is loaded using pandas in scripts/run_analysis.py.
  - Boundary markers: The report generation logic lacks explicit delimiters or warnings to treat processed data as untrusted content.
  - Capability inventory: The script has the capability to write files (Markdown and PNG) to the local filesystem.
  - Sanitization: Input data and metadata (column names) are included in the report without escaping or sanitization.
- [COMMAND_EXECUTION]: The skill executes the local script scripts/run_analysis.py to perform calculations and generate charts, which is a standard part of its data analysis workflow.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration behaviors were identified in the analyzed files.
Audit Metadata