skills/ysm-dev/skills/csv-analyzer/Gen Agent Trust Hub

csv-analyzer

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/csv_profile.py is vulnerable to SQL injection. It uses Python f-strings to directly interpolate the filepath command-line argument and CSV column names into SQL queries. An attacker could exploit this by providing a maliciously crafted filename or a CSV file with headers designed to execute arbitrary SQL commands within the DuckDB environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external files.
      • Ingestion points: CSV, TSV, and Parquet files are loaded and analyzed using DuckDB, Polars, and the csv_profile.py script.
      • Boundary markers: The skill does not implement delimiters or instructions to help the agent distinguish between data and potential malicious commands embedded within the files.
      • Capability inventory: The agent has access to powerful data processing tools (DuckDB, Polars) and general-purpose Python execution, which could be leveraged if an injection is successful.
      • Sanitization: No sanitization, validation, or escaping is applied to file content or metadata before it is used in computations or displayed to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 3, 2026, 10:34 AM