cco-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (retention_decomposition_analyzer.py, customer_segmentation_designer.py, cs_coverage_calculator.py) using relative paths to process data files.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external files, presenting a potential surface for indirect prompt injection.
  1. Ingestion points: The skill reads data from cohorts.json, customers.json, and book.json via analysis scripts.
  2. Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the JSON files are provided.
  3. Capability inventory: The skill has shell execution capabilities to run Python scripts for data processing.
  4. Sanitization: No data validation or sanitization steps are documented for the ingested files.
Audit Metadata