q-scholar
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data (academic documents and datasets) which are then analyzed by an LLM or used to generate summaries.
- Ingestion points:
q-exploratory-analysis/scripts/run_eda.pyreads CSV/XLSX files;q-topic-finetuning/scripts/classify_outliers.pyreads document text from Excel files. - Boundary markers: The
SP_OUTLIER_TEMPLATE.txtprovides basic instructions for JSON output but lacks robust delimiters or "ignore previous instructions" guards for the data being classified. - Capability inventory: The skill utilizes file-system access (read/write), subprocess execution (running the provided EDA and classification scripts), and network access (calling the Gemini API).
- Sanitization: No explicit sanitization or filtering of the user-provided data content is performed before processing.
- [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts (
run_eda.py,classify_outliers.py,generate_implementation_plan.py) to perform data analysis and topic modeling tasks. While these scripts are part of the skill package, running arbitrary code on user data carries inherent risks. - [EXTERNAL_DOWNLOADS]: The skill specifies several third-party Python dependencies (
pandas,numpy,scipy,openpyxl,google-genai,python-dotenv,tqdm). These are well-known, legitimate libraries commonly used for data science and AI tasks.
Audit Metadata