data-specialist
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional and serves as a reference for the agent when performing data-related tasks. It consists of markdown files outlining best practices for various technologies.
- [EXTERNAL_DOWNLOADS]: The documentation references standard package installations from official registries (PyPI, NPM) and specialized builds from reputable sources such as the official GitHub releases of the vLLM project and NVIDIA's container registry (nvcr.io). These are well-known, legitimate sources for the referenced tools.
- [CREDENTIALS_UNSAFE]: The skill explicitly advocates for secure credential management. It provides examples using environment variables, .env files, and cloud-native solutions like AWS Secrets Manager. All credential strings used in code snippets are clearly marked as placeholders (e.g., 'YOUR_API_KEY_HERE').
- [COMMAND_EXECUTION]: Instructions include the use of standard development tools such as CLI utilities (bq, conda, pip, modal), database drivers, and ORM commands. These are consistent with the skill's stated purpose of providing a 'Data Specialist' environment.
- [REMOTE_CODE_EXECUTION]: While the guides discuss frameworks capable of code execution (like smolagents or AutoGen), they specifically warn against insecure patterns such as using the 'eval()' function, classifying them as dangerous practices.