sap-hana-ml
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the 'hana-ml' library and several visualization packages (matplotlib, plotly, graphviz, wordcloud, pillow, numpy, pandas) via PyPI. These are well-known and trusted packages.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection. 1. Ingestion points: The library includes functions such as 'import_csv_from' and 'create_dataframe_from_shapefile' (references/DATAFRAME_REFERENCE.md) that load data from external files. 2. Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within these data files. 3. Capability inventory: The skill utilizes capabilities such as 'conn.execute_sql' for database operations (references/DATAFRAME_REFERENCE.md) and 'plt.savefig' or 'wc.to_file' for file system writes (references/VISUALIZERS.md). 4. Sanitization: No data sanitization or validation logic is present in the skill to filter potentially malicious content in ingested data.
- [COMMAND_EXECUTION]: The skill documents the use of 'ConnectionContext.execute_sql' to run arbitrary SQL commands on a SAP HANA instance. While a core feature of the library, it provides a powerful interface that could be exploited if the agent processes malicious input.
Audit Metadata