Skills
skills/isaaccorley/geospatial-skills/geospatial-viewers/Gen Agent Trust Hub

geospatial-viewers

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the uvx runner to download and execute Python packages (viewtif, viewgeom, viewinline) and their dependencies (duckdb, pyarrow, h5py) from the Python Package Index (PyPI). These tools are part of the author's ecosystem for geospatial data analysis.
  • [COMMAND_EXECUTION]: The instructions require the agent to execute shell commands to launch visualization interfaces. This behavior is consistent with the skill's purpose as a command-line inspection toolset.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted geospatial and tabular data.
  • Ingestion points: Processes data from various external formats like .csv, .geojson, .tif, and .parquet using the viewinline, viewgeom, and viewtif tools.
  • Boundary markers: No specific delimiters or instructions to ignore embedded natural language instructions are provided for the data being processed.
  • Capability inventory: The skill has the capability to execute subprocesses via uvx and read local or remote files.
  • Sanitization: No sanitization or content validation of the data within the geospatial files is performed prior to being processed by the viewers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 03:42 AM
Security Audit — agent-trust-hub — geospatial-viewers