data-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides various CLI commands for the user to execute pipeline stages and an orchestrator script (./run_v2.sh).
  • [EXTERNAL_DOWNLOADS]: The pipeline performs network operations to fetch data from aggregators (Charity Navigator, ProPublica, etc.) and arbitrary charity websites via the web_collector.py component.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests external data.
    • Ingestion points: Data is ingested from third-party websites by web_collector.py in the src/collectors/ directory.
    • Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are documented for the narrative generation prompts.
    • Capability inventory: The skill uses an LLM to generate narratives, writes data to a Supabase database, and exports results to local JSON files.
    • Sanitization: No security-focused sanitization of the retrieved web content is documented before it is passed to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:20 AM