Skills
skills/wentorai/research-plugins/wrangling-skills/Gen Agent Trust Hub

wrangling-skills

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The streamline-analyst-guide/SKILL.md file contains instructions to clone an external repository (github.com/Wilson-ZheLin/Streamline-Analyst) and execute its code via streamlit run app.py. This allows unverified third-party code to run in the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The skill suite promotes downloading software from untrusted sources:
  • Cloning an unverified GitHub repository and installing its dependencies using pip install -r requirements.txt.
  • Installing packages from the Stata SSC archive (mdesc, misstable) without source verification.
  • [COMMAND_EXECUTION]: The workflow involves executing shell commands such as git clone, pip install, and streamlit run, as well as scripts that perform file system operations on user-specified paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 13, 2026, 04:36 AM