feature-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate data analysis tasks as described and remains confined to the user-specified input and output directories.
- [COMMAND_EXECUTION]: The skill uses
pandas.DataFrame.query()for data filtering inscripts/analyzer.pyand_vendor/data/splitting.py. This functionality allows for dynamic data manipulation based on user-provided CLI arguments, which is a standard and necessary feature for a data exploration tool. - [PROMPT_INJECTION]: The skill processes external data and user-defined filtering strings, which constitutes an indirect injection surface.
- Ingestion points: Data is loaded from Parquet or CSV files via
_vendor/data/loading.pyusing the--data_pathparameter. - Boundary markers: No specific delimiters are employed to isolate untrusted data from processing logic.
- Capability inventory: The skill can execute complex pandas expressions and write results to the local filesystem.
- Sanitization: The
_adapt_query_for_dtypesfunction in_vendor/data/splitting.pyprovides basic syntax corrections for data types, though it does not serve as a security-focused sanitizer.
Audit Metadata