quarto
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/render_all.py invokes the quarto CLI tool using subprocess.run. The command arguments are passed as a list without invoking a shell, which is a secure practice that prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill references official Quarto documentation and uses standard, well-known data science libraries (Pandas, NumPy, Matplotlib, Seaborn) in its document templates. All external links point to established, trusted domains.
- [DATA_EXFILTRATION]: No patterns of unauthorized data access or external transmission were identified. The scripts operate on local files provided by the user or found within the project directory.
- [PROMPT_INJECTION]: The skill instructions and metadata do not contain any patterns indicative of prompt injection or attempts to bypass AI safety guardrails.