exploratory-data-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and the
scripts/eda_analyzer.pyscript recommend and utilize a wide range of third-party scientific libraries, including biopython, pysam, rdkit, mdanalysis, nd2reader, and others. These represent external dependencies that are typically fetched from public package registries. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted scientific data files and incorporates their content into reports reviewed by the AI agent. A malicious data file could contain instructions designed to hijack the agent's behavior.
- Ingestion points: The
scripts/eda_analyzer.pyscript reads user-provided files in various formats (CSV, FASTA, HDF5, etc.). - Boundary markers: While the analyzer script wraps data summaries in JSON blocks within the generated report, it lacks explicit warnings to the agent to disregard instructions potentially embedded within the data.
- Capability inventory: The skill has the ability to read local files, execute a Python analysis script, and write markdown reports to the filesystem.
- Sanitization: The script parses data using established libraries but does not perform sanitization to filter out natural language instructions that might be present in the data fields.
Audit Metadata