pandas-ai

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection through functions like analyze_dataset that process arbitrary natural language questions.
      • Ingestion points: The questions parameter in the analyze_dataset function in SKILL.md.
      • Boundary markers: No markers are used to isolate user queries or prevent the LLM from following embedded instructions.
      • Capability inventory: The skill uses the pandasai library, which can execute generated Python code.
      • Sanitization: No sanitization or validation of the input questions or generated code is present.
  • [COMMAND_EXECUTION]: The pandasai library's core mechanism is the dynamic generation and execution of Python code via exec(). This presents a risk where a crafted natural language query could lead to the execution of malicious system commands within the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the pandasai package and its optional dependencies from the Python Package Index (PyPI).

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 09:16 PM