great-tables
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill installs the great_tables, pandas, and polars packages. While these are legitimate libraries from Posit, they are not included in the specified list of trusted organizations. The severity is lowered to LOW because these dependencies are essential to the skill's primary purpose.
- COMMAND_EXECUTION (LOW): The README instructions use pip install for environment setup.
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface. (1) Ingestion points: Untrusted data enters the context via DataFrames passed to the GT() constructor in README.md. (2) Boundary markers: No markers or explicit warnings to ignore embedded instructions are present in the documentation. (3) Capability inventory: The skill has the ability to write files (table.save()) and generate raw HTML strings (table.as_raw_html()). (4) Sanitization: The provided code examples do not include sanitization or escaping of input data.
Audit Metadata