tao-route-visual-changenet-samples

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows established patterns for data processing within the TAO/VCN pipeline. It does not access sensitive system files or make unauthorized network connections.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a specific Python script via the Bash tool to filter and save Parquet data. This is the intended and documented purpose of the skill and does not involve untrusted remote code.
  • [PROMPT_INJECTION]: The skill processes external data (Parquet and CSV files), which constitutes a potential surface for indirect prompt injection. However, the risk is evaluated as low because the agent is directed to use a structured Python script for processing rather than interpreting the data content as instructions.
  • Ingestion points: Reads labels and file paths from gaps_parquet and source_pool_csv as specified in SKILL.md.
  • Boundary markers: None explicitly implemented in the provided prompts.
  • Capability inventory: Uses Bash for Python script execution and Read for file access, which are appropriate for the task.
  • Sanitization: Labels are converted to uppercase for comparison, providing a basic level of input normalization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-route-visual-changenet-samples