datamodel_code_generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the 'datamodel-code-generator' package from the Python Package Index (PyPI).
- [COMMAND_EXECUTION]: The instructions involve executing system-level commands such as 'pip install' and 'datamodel-codegen', alongside creating shell scripts for automated model generation.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external, potentially untrusted OpenAPI and JSON schema files.
- Ingestion points: Files such as 'schema.json' and 'openapi.yaml' are ingested as source material for the generator.
- Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from obeying instructions embedded within the schemas.
- Capability inventory: The 'datamodel-codegen' tool generates Python source code based on the input specifications, which is then integrated into the project.
- Sanitization: No input validation or sanitization routines are defined to verify the integrity of the external specifications.
- [NO_CODE]: This skill package does not contain any executable scripts, binaries, or active code, consisting entirely of markdown instructions.
Audit Metadata