data-visualization

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection. Its instructions to 'Analyze data structure and types' and 'Test with real data' serve as ingestion points, but the skill lacks any boundary markers or sanitization steps to distinguish data from instructions. Given that the skill's capability inventory includes 'Bash', 'Write', and 'Edit', an adversary could embed malicious commands in a dataset that the agent then executes during the 'Implement and Iterate' phase.
  • COMMAND_EXECUTION (MEDIUM): The skill explicitly requires 'Bash' access. While often used for environment setup in data science, this permission provides an execution vector for malicious payloads delivered via indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:41 AM