skill-system-eda

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The function _read_graph_payload in scripts/eda.py uses torch.load to process input graph files. By default, this function employs the pickle module, which is known to be insecure and can execute arbitrary code embedded in a malicious file. Since this skill is intended to process external datasets, this represents a significant attack surface if a user provides a compromised graph file.
  • [COMMAND_EXECUTION]: The script scripts/eda.py uses subprocess.run to call an external memory storage utility (mem.py). While it targets a script from a known dependency (skill-system-memory), the execution of external processes from the agent environment increases the complexity of the security boundary.
  • [EXTERNAL_DOWNLOADS]: The graph-viz operation in scripts/eda.py generates an HTML artifact that fetches the D3.js library from cdn.jsdelivr.net. While this is a well-known and trusted CDN, the inclusion of external scripts in generated files is noted as a remote reference.
  • [PROMPT_INJECTION]: The skill processes untrusted data sources (transcripts, CSV fields, annotations), creating a surface for indirect injection.
      • Ingestion points: Raw text from audio transcripts, categorical data values, and image labels are read in scripts/eda.py.
      • Boundary markers: Absent; data is directly interpolated into the markdown report.md and profile.yaml.
      • Capability inventory: The skill has fs.write to create report artifacts and proc.exec to run memory scripts.
      • Sanitization: No escaping or validation is performed on the ingested text before it is written to outputs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 09:19 AM