senior-data-scientist
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the skill metadata or body.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path accesses, or unauthorized network operations were identified in the scripts or documentation.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs designed to hide malicious intent were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No remote script downloads or unverified package installations are present. All referenced technologies are standard industry tools.
- Privilege Escalation (SAFE): No commands involving sudo, chmod 777, or other privilege modification techniques were found.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or system startup scripts were identified.
- Metadata Poisoning (SAFE): Metadata fields accurately reflect the stated purpose of the skill without hidden instructions.
- Indirect Prompt Injection (LOW): While the scripts include input/output parameters, they currently function as empty templates with no logic that executes or interprets the content of untrusted data. The attack surface is minimal.
- Dynamic Execution (SAFE): No use of eval(), exec(), or unsafe deserialization (e.g., pickle) was found in the Python code.
Audit Metadata