skills/owid/etl/update-dataset/Gen Agent Trust Hub

update-dataset

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE

PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection risk by processing external data sources that could contain malicious instructions.
      • Ingestion points: Processes dataset files, metadata in dag/main.yml, and workbench artifacts.
      • Boundary markers: Lacks clear delimiters between untrusted data and system instructions.
      • Capability inventory: Can perform file writes, git commits/pushes, and SQL queries via subagents like step-fixer.
      • Sanitization: No sanitization of ingested dataset content is evident before it is used to drive agent actions.
  • [COMMAND_EXECUTION]: Executes various shell-based tools and subagents through command-line interfaces.
      • Evidence: Directly executes date, etl update, and make query commands.
      • Evidence: Orchestrates multiple subagents (etl-pr, snapshot-runner, step-fixer) that interact with the system shell.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 08:23 PM