cdo-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run specific Python scripts (
ai_training_data_audit.py,data_product_strategy_picker.py, anddata_asset_valuator.py) to process user-provided data files. These scripts are located within the local file system using relative paths. - [SAFE]: No signs of prompt injection, data exfiltration, or obfuscation were detected. All network-related discussions in the instructions refer to legitimate data infrastructure services (Snowflake, Databricks) within a business context.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data inputs (
sources.json,profile.json,corpus.json) which serves as an ingestion surface for untrusted data. This is documented as a functional requirement for the skill's purpose. - Ingestion points: Data is ingested through the
<plan>argument and several JSON files (sources.json,profile.json,corpus.json). - Boundary markers: None explicitly defined in the instructions for the input data files.
- Capability inventory: The skill has the capability to execute Python scripts in the local environment.
- Sanitization: No specific sanitization or validation logic is defined within the prompt instructions for the external JSON content.
Audit Metadata