monte-carlo-push-ingestion
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate integration tool designed to help users synchronize data warehouse metadata with the Monte Carlo platform.
- [EXTERNAL_DOWNLOADS]: The skill correctly references the official 'pycarlo' SDK and standard database connector packages (such as 'snowflake-connector-python', 'google-cloud-bigquery', 'databricks-sql-connector', 'psycopg2-binary', and 'pyhive') from established registries. It also points to official public resources hosted by Monte Carlo on GitHub ('github.com/monte-carlo-data/mcd-public-resources').
- [DATA_EXFILTRATION]: The skill transmits collected warehouse metadata and logs to documented Monte Carlo API endpoints ('integrations.getmontecarlo.com' and 'api.getmontecarlo.com'). This behavior is the explicit, documented purpose of the integration and does not constitute unauthorized data exfiltration.
- [CREDENTIALS_UNSAFE]: Security best practices are followed throughout the skill; instructions and templates guide users to manage sensitive API keys and warehouse credentials via environment variables (such as MCD_INGEST_ID and MCD_INGEST_TOKEN) and command-line arguments, avoiding hardcoded secrets.
Audit Metadata