skills/jeremylongshore/claude-code-plugins-plus-skills/preprocessing-data-with-automated-pipelines/Gen Agent Trust Hub
preprocessing-data-with-automated-pipelines
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/pipeline.pyusessubprocess.runto orchestrate the execution of bundled Python scripts (validate_data.py,transform_data.py,handle_errors.py). This is a legitimate use of the tool for its stated purpose as a pipeline manager, and commands are constructed safely using argument lists. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external CSV and JSON data files. 1. Ingestion points:
scripts/transform_data.pyandscripts/validate_data.pyread data into the pipeline. 2. Boundary markers: No specific delimiters are used to isolate data from instructions in the processing scripts. 3. Capability inventory: The agent has the ability to execute subprocesses and write files via the bundled scripts. 4. Sanitization:scripts/validate_data.pyperforms basic data type and schema validation, which provides some level of structural sanitization. - [SAFE]: No evidence of data exfiltration, credential exposure, or persistence mechanisms was found. The skill does not perform any network operations or download external code.
Audit Metadata