dv-python-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Data Ingestion Surface]: The skill includes patterns for bulk-importing CSV files and querying Dataverse tables. This creates an interface where the agent processes external data, which is a potential consideration for indirect prompt injection if the source content is untrusted.
- Ingestion points:
data/tickets.csvand Dataverse record queries. - Boundary markers: Not explicitly defined in the provided script examples.
- Capability inventory: Python script execution, file system read access, and Dataverse record creation/update/deletion.
- Sanitization: Basic field mapping is demonstrated, though complex sanitization logic is left to the implementation.
- [External Dependencies]: The skill recommends installing official packages from a well-known service and trusted organization. This is a standard practice for enabling SDK functionality and supporting data analysis with tools like pandas.
- [Dynamic Path Management]: The script examples use
sys.path.insertto reference local utility scripts. This is a common pattern in Python development for organizing project-specific logic and does not involve untrusted path construction. - [Credential Management]: The documentation provides guidance on using environment variables and
.envfiles for managing secrets. This is an industry-standard practice for avoiding hardcoded credentials in source code.
Audit Metadata