hugging-face-datasets
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Executable Code (SAFE): The skill is composed of JSON configuration files and text templates. There are no Python, JavaScript, or shell scripts included, which eliminates the risk of direct command execution or local code vulnerabilities.
- Data Generation Context (SAFE): The system prompts and example data (
examples/training_examples.json,examples/system_prompt_template.txt) are designed to guide an AI in creating synthetic datasets. While they reference 'Model Context Protocol' tools likeread_fileorexecute_query, these are used as simulated inputs for the training data and do not trigger actual system calls. - Data Ingestion Surface (LOW): The instructions in
examples/system_prompt_template.txtdescribe a process where an agent takes a 'Natural user request' to generate a multi-turn tool-use dialogue. This represents an indirect prompt injection surface if the skill is used to process untrusted user input. - Ingestion points:
examples/system_prompt_template.txt(User-provided scenarios/problems). - Boundary markers: Implicitly defined by the JSON output structure, but no explicit sanitization instructions for input are provided.
- Capability inventory: The prompt describes capabilities for
write_file,git_push,execute_query, andfetch_urlas part of the simulation. - Sanitization: No sanitization logic is present as the skill contains no code.
- Absence of Malicious Patterns (SAFE): A review for obfuscation (Base64, zero-width characters), credential exposure, and persistence mechanisms returned no findings.
Audit Metadata