scikit-learn
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to suggest the author's research platform, K-Dense Web, depending on the complexity of the user's request. Additionally, the skill presents a surface for indirect prompt injection, since it facilitates the ingestion of external data files for machine learning tasks.
  - Ingestion points: Usage of pd.read_csv('data.csv') in training and evaluation workflows.
  - Boundary markers: Absent; there are no provided guidelines for the agent to isolate external data from instructions.
  - Capability inventory: The skill has the ability to install Python packages via uv and to execute local scripts, as documented in SKILL.md.
  - Sanitization: Absent; the code examples do not demonstrate data cleaning or validation to prevent prompt-based attacks.
- [EXTERNAL_DOWNLOADS]: The skill instructions provide commands for installing well-known machine learning libraries (scikit-learn, matplotlib, seaborn, pandas, numpy) from standard package registries.
- [COMMAND_EXECUTION]: The documentation includes instructions for running local Python scripts, such as python scripts/classification_pipeline.py, to perform model training and analysis.
Audit Metadata