data-validation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): The script does not access sensitive file paths (e.g., SSH keys, AWS credentials) or perform network operations to exfiltrate data.
- [Obfuscation] (SAFE): The code is written in clear, standard Python without any use of Base64 encoding, zero-width characters, or homoglyphs.
- [Unverifiable Dependencies & RCE] (SAFE): The skill only depends on the standard `pandas` library. There are no patterns of downloading and executing remote scripts or using dangerous functions like `eval()` or `exec()`.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: Data enters via the `df` (DataFrame) and `data` (dict) arguments in `scripts/validators.py`.
  - Boundary markers: Absent; the skill processes data directly without delimiters.
  - Capability inventory: None; the provided scripts perform only in-memory data transformations and validation checks.
  - Sanitization: Absent; the skill does not filter for natural language instructions within the data.
  - Assessment: While it processes untrusted data, the lack of side-effect capabilities (no file writes, network calls, or command execution) within the script logic limits the risk to the agent's internal reasoning context.
Audit Metadata