data-profiling

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Python script (scripts/profiler.py) to perform its main functionality of scanning datasets and generating reports. This is an expected behavior for a data profiling tool.
  • [EXTERNAL_DOWNLOADS]: The script depends on standard, widely-used Python packages including pandas and numpy. These are recognized as well-known libraries in the data science ecosystem.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill processes untrusted user data and incorporates it into a report that may be read by an agent.
  • Ingestion points: Data is ingested via the --data_path parameter in scripts/profiler.py using pd.read_csv and pd.read_parquet.
  • Boundary markers: The markdown report generation does not implement specific delimiters or instructions to treat data-derived strings as non-executable content.
  • Capability inventory: The skill uses a ReportWriter class (imported from a system-level utility directory) to write files and emit state updates.
  • Sanitization: The script performs basic string conversion and truncation on sample data and column names before inclusion in the output report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — data-profiling