shap
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill's instructions and code examples for production deployment recommend using `joblib.load()` to load serialized models and SHAP explainer objects. `joblib` relies on the `pickle` module, and unpickling resolves and calls whatever callables the stream names (via `__reduce__`), so loading a model or explainer file from an untrusted source executes attacker-controlled code at load time, before any model method is ever called. Evidence found in `SKILL.md` and `references/workflows.md` in production-related examples.
- [EXTERNAL_DOWNLOADS]: The skill instructions provide commands to install the `shap` package and its dependencies via the `uv` package manager. Evidence found in the Installation section of `SKILL.md`. This is a routine operation for using a legitimate third-party library.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a processing flow for external models and datasets, creating a surface for indirect instruction injection.
  1. Ingestion points: External model objects and dataset samples such as `X_test`, processed in `SKILL.md` and `references/workflows.md`.
  2. Boundary markers: No explicit markers or safety instructions separate user-provided data from agent logic.
  3. Capability inventory: The skill uses file-writing capabilities through `joblib.dump` and `matplotlib.pyplot.savefig`.
  4. Sanitization: No data validation or sanitization mechanisms are implemented for the ingested data.
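The DYNAMIC_EXECUTION finding above is the one a deployer can do something about before calling `joblib.load()`. The following is an added example written for this audit page; it is not code from the `shap` skill, from the `shap` project, or from `joblib`. It statically scans a pickle stream with `pickletools.genops` (which parses opcodes without executing them) to list every global the stream would import, rejects anything outside an allow-list, and then loads with a `pickle.Unpickler` subclass whose `find_class` enforces the same allow-list as a second line of defence. The allow-list contents, the `_Payload` class and both sample artifacts are constructed for the example; a real deployment would list the exact `numpy`, `sklearn`, `shap` and `joblib` classes its artifacts actually contain.

```python
"""Pre-check a pickle stream before loading it (added example, not skill code)."""
import io
import os
import pickle
import pickletools

# Hypothetical allow-list: the only globals a model file may reference.
# A real deployment enumerates the exact numpy / sklearn / shap / joblib
# classes its artifacts contain and nothing else.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("collections", "OrderedDict"),
}

# Opcodes that push a str onto the unpickler stack. STACK_GLOBAL (protocol 4+)
# takes its module and qualified name from the two most recently pushed strs.
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Statically list every module.name the stream would import.

    pickletools.genops only parses opcodes; nothing is imported or called,
    so this is safe to run on hostile input.
    """
    found = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module, name on stack
            found.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in _STRING_OPS:
            recent_strings.append(arg)
    return found


def is_safe(data: bytes) -> bool:
    """True only if every global the stream references is allow-listed."""
    return all(g in SAFE_GLOBALS for g in referenced_globals(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Second line of defence: refuse to resolve any global outside the
    allow-list, so a REDUCE opcode never obtains a callable to invoke."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Scan first, then load with the restricted unpickler; raises on anything suspicious."""
    if not is_safe(data):
        bad = [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]
        raise pickle.UnpicklingError(f"refusing to load: non-allow-listed globals {bad}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """Does safe_load refuse this stream?"""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


class _Payload:
    """Constructed malicious object: pickling it records a call to os.system,
    which a plain pickle.load or joblib.load would execute at load time."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


# Constructed sample artifacts. Neither is ever passed to an unrestricted loader here.
BENIGN = pickle.dumps({"feature_names": ["age", "income"], "base_value": 0.5}, protocol=4)
MALICIOUS = pickle.dumps(_Payload(), protocol=4)

if __name__ == "__main__":
    print("benign globals:   ", referenced_globals(BENIGN))
    print("malicious globals:", referenced_globals(MALICIOUS))
    print("benign loads to:  ", safe_load(BENIGN))
    print("malicious blocked:", rejects(MALICIOUS))
```

Two caveats apply when carrying this over to `joblib`. An uncompressed `joblib.dump` file is a pickle stream and can be scanned the same way, but a compressed one must be decompressed first, and the allow-list then has to admit `numpy` and `joblib`'s own array-wrapper globals, which widens what is accepted. The scan therefore complements, rather than replaces, the stronger controls: only load artifacts from sources you control, and verify a signature or pinned hash of the file before it reaches any unpickler.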
Audit Metadata