pandas-performance
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Dynamic Execution (MEDIUM): The skill recommends using DataFrame.eval() and DataFrame.query() for speed. These functions parse and execute string expressions. If an agent interpolates untrusted external data (like column names or filter values from a user) directly into these strings, it could lead to arbitrary code execution within the pandas environment.
  - Evidence: SKILL.md contains df.eval() and df.query() in the 'Reference Documentation' and 'Core Principles' sections.
- Indirect Prompt Injection (MEDIUM): The skill focuses on processing large external datasets (CSV, Parquet) and includes file-writing capabilities.
  - Ingestion points: pd.read_csv("data.csv", ...) and pd.read_parquet('data_dir', ...) in SKILL.md.
  - Boundary markers: None. Data is processed as raw frames.
  - Capability inventory: File writing via df.to_parquet('data_dir', ...) and complex data transformations.
  - Sanitization: None provided. The skill assumes the structure and content of the data are safe for processing. If the data contains malicious instructions that influence downstream agent logic (e.g., modifying specific flags that an agent later reads), it could compromise the system.