data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection because it processes data from multiple untrusted file formats to drive analysis and code generation logic.
  - Ingestion points: The skill reads data from CSV, Excel, PDF, Word, Markdown, and various image formats as defined in the data ingestion step of SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between data content and internal instructions, or to ignore potential commands embedded in the files.
  - Capability inventory: The agent is empowered to generate and execute code in Python, R, SQL, and JavaScript, which could be leveraged by an indirect injection to perform unauthorized operations.
  - Sanitization: The instructions do not include steps for sanitizing or validating ingested content before it is used in the reasoning process or interpolated into generated code.
- [COMMAND_EXECUTION]: The skill requires the agent to generate and execute complex code across several programming environments (Python, R, SQL, and JavaScript) based on input from external files.
Audit Metadata