nemo-curator

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and implementation examples for the NeMo Curator library from NVIDIA. All referenced dependencies (nemo-curator, cudf, dask, rapids) are standard, legitimate data science and GPU-acceleration libraries.
  • [EXTERNAL_DOWNLOADS]: The skill references models from trusted and well-known sources, including NVIDIA's official repositories (nvidia/quality-classifier-deberta), Hugging Face (sentence-transformers), and OpenAI (CLIP). These are documented neutrally as they are integral to the toolkit's primary function of data curation.
  • [DATA_EXFILTRATION]: The skill explicitly includes PII (Personally Identifiable Information) redaction modules, which is a security-positive feature for data processing pipelines.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted external data (such as web scrapes from Common Crawl), its primary purpose is to filter and clean this data. No exploitable capabilities (like arbitrary code execution or shell access) were found that would allow an attacker to leverage the processed data for injection within the skill's execution context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 06:06 PM