data-wizard
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts including data-profiler.py and data-quality-scorer.py using the !uv run command. These scripts are part of the skill package and are used for data profiling and quality assessment.
- [EXTERNAL_DOWNLOADS]: The skill relies on and references a large ecosystem of standard Python packages such as pandas, scikit-learn, and xgboost. These are well-known libraries in the data science community and are required for the skill's intended functionality.
- [PROMPT_INJECTION]: A surface for indirect prompt injection (Category 8) was identified. The skill ingests untrusted data from external files (CSV, Parquet, etc.) and extracts metadata like column names to present to the agent. Maliciously crafted data files could attempt to influence agent behavior through these fields.
- [DATA_EXFILTRATION]: No evidence of unauthorized network communication or hardcoded credentials was found. The skill processes data locally and provides analysis results within the agent context.
Audit Metadata