NYC

data-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk vulnerability surface by combining external data ingestion with powerful execution capabilities.
    • Ingestion points: Untrusted data is ingested from data.csv using pd.read_csv and from SQL databases through query templates (SKILL.md, Steps 1 and 2).
    • Boundary markers: Absent. The skill provides no instructions or delimiters to help the agent distinguish between legitimate data and malicious instructions embedded within the processed datasets.
    • Capability inventory: The skill allows high-privilege tools including Bash (allowed-tools) and Python execution, which includes file-writing operations via plt.savefig (SKILL.md, Step 4).
    • Sanitization: Absent. There is no logic or guidance for validating, escaping, or sanitizing external content before it is processed by code or used to influence agent decisions.
  • COMMAND_EXECUTION (MEDIUM): The skill explicitly allows the Bash tool in its configuration. While common for data tasks, the inclusion of arbitrary shell access significantly escalates the impact of potential prompt injection vulnerabilities found in the analysis scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:19 PM