tensorlake
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the creation and interaction with isolated execution environments via the Sandbox SDK. This allows the agent to run LLM-generated code and shell commands for data analysis and computation (references/sandbox_sdk.md).
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch documentation from the official domain at https://docs.tensorlake.ai/llms.txt when bundled reference files are insufficient (SKILL.md).
- [DATA_EXFILTRATION]: The skill handles authentication credentials for the TensorLake platform and third-party AI services. It promotes standard security practices such as using environment variables and secure secrets management within its application functions (SKILL.md, references/integrations.md).
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes data from external URLs and various document formats.
- Ingestion points: External data is ingested through the fetch_page function and the DocumentAI.parse API (SKILL.md, references/documentai_sdk.md).
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation for handling fetched content.
- Capability inventory: The agent has access to powerful tools including file system operations and command execution within the Sandbox environment (references/sandbox_sdk.md).
- Sanitization: There is no evidence of sanitization or validation of untrusted content before it is processed by the agent.
Audit Metadata