interpreting-culture-index
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Category 8: Indirect Prompt Injection (SAFE): The skill processes untrusted external data sources, specifically PDF documents and interview transcripts, which are potential surfaces for indirect prompt injection attacks. However, the risk is minimized by the skill's specific data extraction methodology and limited capabilities.
  - Ingestion points: PDF files containing Culture Index charts (scripts/extract_pdf.py) and interview transcripts (workflows/predict-from-interview.md).
  - Boundary markers: The workflows use XML-like tags (e.g., <process>, <required_reading>) to structure the agent's instructions, although they lack explicit instructions to ignore nested commands within processed data.
  - Capability inventory: Local file reading, JSON serialization, and execution of standard OCR/PDF system binaries (tesseract, poppler). The skill lacks network access or the ability to modify critical system files.
  - Sanitization: The extraction process for PDFs uses OpenCV and coordinate-based OCR to pull numeric values from specific chart regions, which effectively filters out malicious text instructions embedded in the documents.
Audit Metadata