matlab-import-tracking-data

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from user-provided files (CSV, XLSX, MAT) to infer data models. The agent displays column names and sample rows during the inspection step, which presents a surface for indirect prompt injection if the file headers or content were to contain malicious instructions. This surface is an inherent part of the data import workflow.
      • Ingestion points: 'SKILL.md' (Step 2) uses 'evaluate_matlab_code' to read user files.
      • Boundary markers: Absent when displaying sample content to the agent.
      • Capability inventory: 'evaluate_matlab_code' tool.
      • Sanitization: None identified for file content processed during model inference.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic script generation and execution via the 'evaluate_matlab_code' tool. This behavior is the primary intended function of the skill, used to format tracking data into structures like 'trackingScenarioRecording' or timetables. The code is generated based on a confirmable mapping proposed to the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 09:27 AM