ic-eo-interpretable-code-based-assistant
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate Python code (using the iceo_api) for analyzing satellite imagery, with the intent that this code is executed after synthesis.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where untrusted natural language queries are converted into executable code.
- Ingestion points: Processes user requests (e.g., 'What percentage of this image is forest?') and file paths for uploaded imagery.
- Boundary markers: Recommends a 'code-only contract' and structured tool specifications to constrain the agent's output.
- Capability inventory: The system is capable of local code execution and remote data retrieval via Google Earth Engine.
- Sanitization: Mitigates risks by recommending execution in a sandboxed container with resource limits and restricted network access.
- [EXTERNAL_DOWNLOADS]: The workflow involves fetching Sentinel-1/2 multi-spectral data from Google Earth Engine's external API.
- [SAFE]: The documentation explicitly promotes security best practices, including sandboxed execution, pinned dependencies, and human review of generated code.
Audit Metadata