analyze-stats
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to assist medical researchers with statistical analysis. It includes extensive guardrails for data privacy, explicitly instructing the agent to check for Protected Health Information (PHI) and avoid displaying sensitive values.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute generated Python and R scripts. This is the primary intended function of the skill. To mitigate risk, the skill mandates a workflow where an analysis plan is presented for user approval before any code is executed.
- [DYNAMIC_EXECUTION]: Static analysis identified dynamic imports in `likert_summary.py` and `survival_analysis.py`. Investigation shows these are used solely to report package versions for reproducibility (e.g., checking if `pingouin` is installed). The module names are selected from a hardcoded list of standard libraries, posing no security risk.
- [EXTERNAL_DOWNLOADS]: Several R templates include instructions or suggestions for installing missing packages (e.g., `mada`, `meta`, `pwr`). These are presented as suggestions to the user rather than automated background installations from untrusted sources.
- [PROMPT_INJECTION]: No attempts to override system instructions or bypass safety filters were detected. The instructions prioritize anti-hallucination measures and strictly follow scientific reporting standards (e.g., STROBE, CONSORT).
Audit Metadata