data-engineering-core
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Access] (SAFE): The skill performs file system and database operations (local DuckDB, S3, PostgreSQL) consistent with its stated purpose of ETL processing. No unauthorized data exposure or exfiltration patterns are present.
- [SQL Execution] (SAFE): While some templates use string interpolation for SQL identifiers (table/column names), the documentation explicitly instructs users to validate dynamic identifiers. Parameterization is correctly used and encouraged for data values, mitigating standard SQL injection risks.
- [Dependencies] (SAFE): The skill references reputable, standard industry libraries including polars, duckdb, pyarrow, and psycopg2. There are no attempts to download or execute untrusted remote scripts.
- [Indirect Prompt Injection] (SAFE): The skill defines a surface for ingesting external data (Parquet, CSV). However, this data is processed as structured content through programmatic dataframes rather than as natural language prompts. The skill recommends schema validation at boundaries to ensure data integrity.
Audit Metadata