byted-data-label
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses aggressive intent-matching instructions in the metadata to hijack generic data processing tasks (e.g., 'sentiment analysis', 'translation', 'batch processing'), which may override other specialized agent skills.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted external data through LLM-based analysis nodes.
  - Ingestion points: Untrusted data enters the context via the `--file`, `--raw-data`, and `--raw-data-file` arguments in `scripts/seederive.py`.
  - Boundary markers: The skill does not implement explicit delimiters or 'ignore' instructions to isolate processed data from system instructions.
  - Capability inventory: The skill possesses capabilities for task management (create, list, update, delete) and file uploads through its CLI wrapper script.
  - Sanitization: No validation or sanitization of the input content is performed before it is sent to the LLM nodes.
- [COMMAND_EXECUTION]: The script `scripts/seederive.py` uses the `subprocess` module to dynamically install the `requests` library if it is not found in the environment. While this targets a standard library, it involves runtime shell command execution via `pip install`.
- [EXTERNAL_DOWNLOADS]: The skill initiates network connections to a vendor-controlled API gateway at `https://sd6qlcofkmfq59riqgli0.apigateway-cn-beijing.volceapi.com` and may download packages from the Python Package Index (PyPI) during dependency resolution.
Audit Metadata