q-exploratory-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill is a legitimate tool for data analysis, and all identified behaviors are consistent with its primary purpose.
- [COMMAND_EXECUTION]: The skill executes a local Python script (
scripts/run_eda.py) to perform its primary function. This execution is confined to the specific tasks described in the documentation and involves standard local file system interactions. - [EXTERNAL_DOWNLOADS]: The skill recommends the installation of several well-known libraries (
pandas,numpy,scipy,openpyxl) from standard public registries. These dependencies are essential for statistical analysis and are treated as safe sources. - [PROMPT_INJECTION]: The skill processes user-provided tabular data, which constitutes an inherent surface for indirect prompt injection. This risk is managed within the context of the skill's data analysis function.
- Ingestion points: Tabular data is loaded from CSV or Excel files in
scripts/run_eda.pyvia thepandaslibrary. - Boundary markers: Absent. The skill does not explicitly use delimiters to separate data content from instructions when the agent generates the summary report.
- Capability inventory: The skill utilizes local script execution for data processing and uses agent tools to read/write files in the local project directory.
- Sanitization: Standard statistical transformations are performed; no specific text sanitization is applied to the raw data before it is incorporated into the final report.
Audit Metadata