analyzing-data-html-report
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes local Python scripts (analyze.py) using the shell to process data. This is the primary mechanism for its data analysis functionality.
- [EXTERNAL_DOWNLOADS]: The generated reports reference standard CSS and JavaScript libraries (TailwindCSS, ECharts, FontAwesome) from well-known and trusted CDN providers such as Cloudflare and Google. These are used for styling and data visualization.
- [PROMPT_INJECTION]: The skill ingests untrusted data from local files (e.g., CSV) which creates an indirect prompt injection surface. 1. Ingestion points: Data is read from files like sales.csv in reference/report-workflow.md. 2. Boundary markers: None identified for delimiting untrusted data from instructions. 3. Capability inventory: The skill uses shell_exec to run generated scripts and performs file writes as seen in reference/report-workflow.md. 4. Sanitization: Code examples show numerical validation and cleanup but lack sanitization against prompt injection.
Audit Metadata