AI Data Analysis

Pass. Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill bundle is classified as suspicious due to critical vulnerabilities in `main.py`. The script directly uses `sys.argv` for `file_path` and `output_format` without sufficient sanitization. This allows for arbitrary file read (including potential Server-Side Request Forgery via URLs) when `file_path` is passed to `pd.read_csv()`, and arbitrary file write via path traversal when `output_format` is used to construct output filenames (e.g., `../../../../tmp/malicious.sh`). These vulnerabilities could lead to remote code execution if exploited by a malicious user or a prompt-injected agent.