harvard-art-museum-data-pipeline

Warn

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a source code repository from a non-trusted GitHub user account.
      • Evidence: git clone https://github.com/Manali0711/Harvard-Artifacts-Collection-Data-Engineering-Analytics-App.git in SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The installation and execution workflow directs the user to run an application fetched from an external untrusted repository, which could contain malicious logic not disclosed in the provided code snippets.
      • Evidence: Instructions to run streamlit run app.py after cloning the external repository.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 24, 2026, 08:56 PM