data-mystic
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
data-mysticPython package and several standard data science libraries includingpandas,numpy,scikit-learn,prophet,matplotlib,seaborn,networkx,scipy,imbalanced-learn, andydata-profilingfrom the official PyPI registry. - [COMMAND_EXECUTION]: The skill defines and executes several CLI commands (e.g.,
data-mystic correlate,data-mystic anomalies,data-mystic forecast) to perform statistical analysis and pattern recognition on local data files. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing nature.
- Ingestion points: The skill ingests external data from files such as CSV, JSON, and system logs (e.g.,
/var/log/app/events_2024.jsonl) via the--inputflag defined inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potential commands embedded within the data being analyzed.
- Capability inventory: The skill possesses the capability to execute complex data analysis commands and generate reports that are then read by the agent.
- Sanitization: While the skill documentation mentions validation of file existence and schema (Step 1 in
SKILL.md), it lacks specific content sanitization to filter out malicious instructions hidden within the datasets.
Audit Metadata