dataset-finder
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The
requirements.txtfile lists reputable data science libraries (e.g.,kaggle,datasets,huggingface-hub,pandas) sourced from the official Python Package Index (PyPI). No malicious or typosquatted packages were identified. - [DATA_EXFILTRATION] (SAFE): While the skill includes web scraping tools (
requests,beautifulsoup4), no patterns suggest unauthorized data transmission or access to sensitive local files. - [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest untrusted data from external sources (Kaggle, Hugging Face, and general web scraping), which presents a potential surface for indirect prompt injection attacks.
- Ingestion points: Scripts/requirements.txt indicates data retrieval from Kaggle, Hugging Face, and Web (UCI, Data.gov).
- Boundary markers: Absent; no boundary markers or instructions to ignore embedded commands were found in the provided files.
- Capability inventory: The skill possesses network request capabilities and data parsing functionality.
- Sanitization: Absent; no sanitization or validation logic for external content is present in the provided configuration or requirements.
Audit Metadata