skills/jeremylongshore/claude-code-plugins-plus-skills/evaluating-machine-learning-models/Gen Agent Trust Hub
evaluating-machine-learning-models
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or sensitive data exposure were found in the provided files.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute included Python scripts for data visualization and model evaluation. This capability is appropriate for the technical analysis tasks the skill is designed to perform.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and process external CSV datasets, whose cell contents reach the model as part of the analysis context.
- Ingestion points: 'assets/visualization_script.py' reads CSV data files; 'scripts/README.md' references a 'data_loader.py' (not provided).
- Boundary markers: None explicitly defined in 'SKILL.md' to separate data from instructions.
- Capability inventory: The skill has 'Bash', 'Read', 'Write', 'Edit', 'Grep', and 'Glob' permissions.
- Sanitization: Data is handled using standard 'pandas' operations; no specific logic for sanitizing or ignoring embedded instructions within the datasets is present.
- [SAFE]: Several scripts listed in 'scripts/README.md' ('evaluate_model.py', 'data_loader.py', 'metrics_calculator.py') and an asset ('example_dataset.csv') were not included in the source provided for analysis. The available file, 'visualization_script.py', is benign.
Audit Metadata