nlp-pipeline-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to ingest and process external text data and CSV files, which is a common surface for indirect prompt injection. However, this is inherent to the NLP use case, and the skill provides tools for input sanitization.
  - Ingestion points: Processes user-provided text strings and datasets (train.csv, val.csv, test.csv) through the `NLPPipeline` class.
  - Boundary markers: No explicit delimiters are mentioned for the processed text, though the context is restricted to ML training and inference.
  - Capability inventory: Includes model training (`fit`), evaluation commands (`/ml:nlp-evaluate`), and deployment routines (`/ml:nlp-deploy`).
  - Sanitization: The `TextPreprocessor` class explicitly includes steps to remove HTML, URLs, and emails, which mitigates malicious content in data.
- Unverifiable Dependencies (SAFE): The skill references the `specweave` Python library. While this is not a common public package, the skill only provides documentation on how to use it and does not contain commands to download or install code from untrusted remote sources.
Audit Metadata