data-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The logic in the provided scripts (data_profiler.py, query_optimizer.py, report_generator.py) is transparent and focused on data analysis tasks with no signs of malicious intent or unauthorized access.
- [COMMAND_EXECUTION]: The skill includes Python scripts designed to be executed via the command line to process local files. This behavior is documented and appropriate for the skill's purpose.
- [PROMPT_INJECTION]: The skill processes untrusted data from CSV, JSON, and SQL files. The report_generator.py script interpolates this data directly into Markdown reports. If the input data contains malicious instructions or markdown formatting, it could potentially influence the agent's behavior during analysis.
- Ingestion points: scripts/data_profiler.py, scripts/query_optimizer.py, and scripts/report_generator.py read content from user-provided files.
- Boundary markers: No boundary markers or 'ignore instructions' delimiters are used when processing or outputting data.
- Capability inventory: The scripts are limited to file reading and standard output, reducing the impact of potential injection.
- Sanitization: There is no evidence of sanitization or escaping of the data before it is formatted into the final report.
Audit Metadata