data-science-feature-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill references multiple tools and patterns that involve the execution of code or starting local services.\n
- Notebook Execution Tools: References to nbconvert, papermill, and voila (in references/sharing-publishing.md and references/notebook-testing.md) involve tools that execute code within Jupyter notebooks.\n
- Local Servers: Usage of bokeh serve, streamlit run, and dash apps (in references/bokeh-server.md, references/streamlit-advanced.md, and references/plotly-dash.md) initiates local web servers.\n
- Unsafe Deserialization: The load_model example in references/streamlit-advanced.md uses pickle.load(). While standard for ML model persistence, it is a known surface for arbitrary code execution if the input file is malicious.\n- [EXTERNAL_DOWNLOADS]: The skill mentions various third-party libraries and provides instructions for their installation.\n
- Package Installation: Mentions pip install for packages such as nbval, voila, streamlit-aggrid, and streamlit-echarts across several reference files.\n
- External References: Includes links to documentation and repositories for well-known data science projects like Scikit-learn, Feature-engine, and Sentence Transformers, which are considered trusted sources.
Audit Metadata