spice-accelerators
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of a markdown file providing instructions and YAML configuration templates for the Spice.ai runtime. It does not include any Python, Node.js, or shell scripts.
- [COMMAND_EXECUTION] (SAFE): While the configuration includes a
retention_sqlparameter for executing SQL queries on accelerated data, this is a standard feature of the Spice.ai component and does not represent an arbitrary command execution vulnerability within the skill itself. - [EXTERNAL_DOWNLOADS] (SAFE): The documentation refers to external data sources (PostgreSQL, S3, Kafka) and official Spice.ai documentation links, which are appropriate for its stated purpose of configuring data acceleration.
- [DATA_EXFILTRATION] (SAFE): No patterns of credential theft or unauthorized data transmission were detected. The file paths used for local caching (e.g.,
./data/cache.db) are standard for local development and materialization.
Audit Metadata