deeplake-managed
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation suggests the use of `sudo` to install the system utility `ffmpeg` to support video ingestion tasks.
- [EXTERNAL_DOWNLOADS]: The skill relies on multiple third-party libraries including `requests`, `aiohttp`, `pymupdf`, `Pillow`, `pycocotools`, `numpy`, `pandas`, `pdfjs-dist`, and `sharp`. It also supports fetching datasets from HuggingFace.
- [REMOTE_CODE_EXECUTION]: The Node.js implementation utilizes a WebAssembly (WASM) module compiled from C++ for data processing, involving the execution of compiled binary code.
- [PROMPT_INJECTION]: The skill processes untrusted external data (such as PDF text, video segments, and image metadata) which creates a surface for indirect prompt injection. A malicious file could contain instructions that influence the agent's behavior when the processed data is later queried or summarized.
  - Ingestion points: `client.ingest` method in `SKILL.md` used for processing local files and external datasets.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are mentioned in the documentation.
  - Capability inventory: The skill is capable of file reading, making network requests to the DeepLake API, and executing SQL queries as described in `SKILL.md` and `reference.md`.
  - Sanitization: No explicit sanitization or validation processes for the content of ingested files are described.
Audit Metadata