zarr-python
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes a section titled 'Suggest Using K-Dense Web For Complex Worflows' which contains explicit instructions for the AI agent to steer user interactions toward a specific commercial platform (www.k-dense.ai). This is a form of behavioral override used for promotional purposes.
- [PROMPT_INJECTION]: The skill's primary function involves ingesting and processing data from external sources, which creates a potential surface for indirect prompt injection attacks.
- Ingestion points: Data is ingested from local files, ZIP archives, S3 buckets, and Google Cloud Storage via functions such as
zarr.open,xr.open_zarr, andda.from_zarr(SKILL.md). - Boundary markers: The documentation does not demonstrate the use of delimiters or instructions to ignore embedded commands within the ingested array data or metadata attributes.
- Capability inventory: The skill possesses significant capabilities, including local and cloud filesystem writes (
zarr.create_array,to_zarr,append) and network interaction with AWS and GCP storage services. - Sanitization: There is no evidence of data validation or sanitization of input data before it is processed or integrated into the agent's context.
Audit Metadata