wren-dlt-connector
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill automates data pipeline runs and schema introspection by executing local Python scripts and 'wren' CLI commands such as 'wren context build' and 'wren --sql'.
- [EXTERNAL_DOWNLOADS]: The skill installs the 'dlt' (Data Load Tool) package from the official Python Package Index (PyPI). This is a standard and expected dependency for the skill's data extraction functionality.
- [CREDENTIALS_UNSAFE]: While the skill manages SaaS API keys, it follows secure development practices by instructing users to store them in environment variables or local secrets files, and explicitly warns against committing them to source control.
- [DATA_EXFILTRATION]: Network activity is restricted to the legitimate extraction of data from specified SaaS APIs by the 'dlt' library to a local DuckDB destination.
- [SAFE]: The behavior of the scripts and instructions is consistent with the stated purpose of bridging SaaS data to a semantic modeling engine. No malicious patterns or obfuscation techniques were detected.
Audit Metadata