compare-csv
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill defines a workflow where data from external CSV files is ingested and used to generate executable Robot Framework (.robot) scripts, creating a potential injection surface.
- Ingestion points: The agent is instructed in Step 2 to parse user requests and paths for 'actual' vs 'expected' CSV files.
- Boundary markers: The instructions lack specific delimiters or guardrails to prevent the agent from obeying instructions that might be embedded within the CSV data (e.g., in column headers or row values).
- Capability inventory: The skill leverages the 'Read' tool to access local files and the 'Write' tool to generate executable .robot scripts in the filesystem.
- Sanitization: There is no mention of sanitizing or escaping the CSV content before it is interpolated into the generated test suite templates.
Audit Metadata