data-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. * Ingestion points: Data is loaded from '/uploads/filename.csv' using pandas in SKILL.md. * Boundary markers: Absent; no instructions are provided to isolate or ignore embedded prompts within CSV data. * Capability inventory: The skill has the ability to execute Python code and write files (PNG, HTML) to the '/workspace/' directory. * Sanitization: None; CSV content is processed directly by the analysis and visualization logic.
- [COMMAND_EXECUTION] (MEDIUM): The skill guides the agent to generate and execute Python scripts using libraries like pandas and matplotlib. This functionality provides an execution environment that can be leveraged for malicious purposes if the agent's instructions are subverted by malicious input data.
Recommendations
- AI detected serious security threats
Audit Metadata