matlab-import-tracking-data
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from user-provided files (CSV, XLSX, MAT) to infer data models. The agent displays column names and sample rows during the inspection step, which presents a surface for indirect prompt injection if the file headers or content were to contain malicious instructions. This surface is an inherent part of the data import workflow. Ingestion points: 'SKILL.md' (Step 2) uses 'evaluate_matlab_code' to read user files. Boundary markers: Absent when displaying sample content to the agent. Capability inventory: 'evaluate_matlab_code' tool. Sanitization: None identified for file content processed during model inference.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic script generation and execution via the 'evaluate_matlab_code' tool. This behavior is the primary intended function of the skill, used to format tracking data into structures like 'trackingScenarioRecording' or timetables. The code is generated based on a confirmable mapping proposed to the user.
Audit Metadata