multi-source-data-merger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process data from external, heterogeneous sources which constitutes an ingestion surface for untrusted data.
- Ingestion points: Heterogeneous source files including JSON, CSV, Parquet, and XML mentioned in SKILL.md.
- Boundary markers: None specified for the external data content.
- Capability inventory: Python script execution, file read/write operations (e.g., creating output/merged_data.json).
- Sanitization: Not explicitly addressed; the skill focuses on data normalization and type conversion for functional purposes rather than security.
- [Dynamic Execution] (LOW): The workflow involves generating and executing Python scripts to perform data merging.
- Evidence: The skill guides the agent to write a script and verify it using 'python -m py_compile script.py' and subsequent execution.
- Context: This is a standard approach for data engineering tasks and uses logic derived from the skill's own templates.
- [Unverifiable Dependencies] (SAFE): The skill recommends installing standard, widely-trusted Python libraries.
- Evidence: Explicitly mentions 'pandas', 'pyarrow', 'openpyxl', and 'lxml' via 'uv pip install'.
Audit Metadata