data-integration
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill promotes industry-standard security practices for data integration.
- [PROMPT_INJECTION]: The skill provides architectural patterns for ingesting data from external SaaS platforms and event streams, which constitutes a surface for indirect prompt injection. This is mitigated through documented best practices.
- Ingestion points: External data entering via webhooks and API responses as described in
references/enterprise-connectors.md. - Boundary markers: Recommends using signature verification (e.g., for Stripe webhooks) and idempotency keys to validate source authenticity.
- Capability inventory: Data processing is handled through standard libraries like
requestsanddltfor warehouse ingestion. - Sanitization: Emphasizes the use of schema contracts and Pydantic validation to enforce data integrity and prevent schema confusion.
- [CREDENTIALS_UNSAFE]: The skill explicitly advises using environment variables and secrets managers for API keys and tokens, avoiding hardcoded credentials in code snippets.
- [EXTERNAL_DOWNLOADS]: Installation and reference links point to the author's official GitHub repository, which is a trusted vendor resource for this skill.
- [REMOTE_CODE_EXECUTION]: No patterns for arbitrary command execution or remote script execution from untrusted sources were found. Package requirements are limited to standard and safe data engineering libraries.
Audit Metadata