product-analytics-investigator
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches product event data from official Amplitude (amplitude.com) and Mixpanel (mixpanel.com) API endpoints. These interactions are limited to data retrieval from well-known services.
- [COMMAND_EXECUTION]: Executes the Python script `investigate.py` to process analytical data, calculate conversion funnels, and generate a summary report.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) by ingesting data from external APIs and files and interpolating it into markdown reports.
  - Ingestion points: `investigate.py` (via `load_csv`, `fetch_amplitude`, and `fetch_mixpanel` functions).
  - Boundary markers: Absent; event names and property values are placed directly into markdown tables without delimiters or warnings.
  - Capability inventory: `investigate.py` utilizes network access for data retrieval and file system access for reading source data and writing outputs.
  - Sanitization: Absent; the script does not validate or escape event-level data before including it in the final markdown memo.
Audit Metadata