csv-data-summarizer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The instructions use highly aggressive, imperative language ('DO NOT ASK', 'NEVER SAY', 'IMMEDIATELY AUTOMATE') to override standard agent conversational guardrails and user consent. While intended for automation, this behavior forces the agent to execute code on untrusted user-provided CSV data without a human-in-the-loop verification step.
- INDIRECT PROMPT INJECTION (MEDIUM): The skill is designed to ingest and process external CSV data (Ingestion point: summarize_csv). It lacks boundary markers or sanitization requirements for the content of those files. Because it has the capability to execute code (pandas/matplotlib) and generate complex reasoning based on that data, an attacker could embed malicious instructions within CSV headers or cell data to influence the agent's summary or downstream decisions.
- COMMAND_EXECUTION (LOW): The skill relies on executing Python scripts (analyze.py) to process data. While standard for data science skills, the 'Automatic Analysis' requirement means code execution is triggered immediately upon file detection without specific user confirmation of the operation parameters.
Audit Metadata