synthetic-data-generation

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

No evidence of malicious code or credential harvesting. The script is coherent with its stated purpose (synthetic data generation for Databricks). Primary security concern is operational: the script runs metastore DDL and uses overwrite writes to volumes, which can alter or erase real data if the provided catalog/schema/volume point to production resources. Recommend: run in an isolated/testing workspace, require explicit confirmation of target catalog/schema, and avoid overwrite mode on unknown targets.

LLM verification: This SKILL.md appears functionally consistent with its stated purpose (generating synthetic data for Databricks). It is not itself malicious, but it describes an execution pattern that, if misused, enables high-risk actions: arbitrary code execution on Databricks clusters and unpinned dependency installation from PyPI. The highest concerns are unpinned package installs (dependency-supply-chain risk), persistence of installed libraries across contexts, and constructing SQL/paths via unvalidated i

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 04:20 PM
Package URL: pkg:socket/skills-sh/databricks-solutions%2Fai-dev-kit%2Fsynthetic-data-generation%2F@75f1d85848203d03cab9c7bf4a78ff749b89cf21