data-transformers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Full Analysis
- [SAFE] (SAFE): Analysis of the source code confirms that all functions are pure utilities for data processing. There are no instances of command execution, file system access, or network communication.
- [Indirect Prompt Injection] (LOW): The skill contains ingestion points for external data in functions such as
aggregateCategoriesandsanitizeHotspot. However, the capability inventory confirms no side-effect operations (subprocess, file-write, or network calls) are available, ensuring the data transformation remains isolated. - [Obfuscation] (SAFE): No hidden content, encoded strings, or homoglyphs were detected.
- [False Positive Alert] (INFO): The automated scanner alert for 'now.ge' is a false positive. It misidentified the string within the standard JavaScript function
now.getTime()as a malicious domain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata