datapackage

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill is well-documented and uses standard data science tools for its operations.
  • [COMMAND_EXECUTION]: The skill utilizes command-line utilities such as jq, curl, duckdb, and frictionless. These are used appropriately for metadata parsing, data downloading, and validation tasks within the scope of data package management.
  • [EXTERNAL_DOWNLOADS]: The skill supports fetching dataset descriptors and data resources from remote URLs. This functionality is essential for its purpose and is performed using standard tools like curl and DuckDB's remote access capabilities.
  • [PROMPT_INJECTION]: The skill interacts with external datapackage.json files. While these files could contain malicious text in metadata fields (indirect prompt injection), the skill's workflow utilizes structured query tools that interpret this content as data, effectively isolating the agent's logic from potentially malicious instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 22, 2026, 02:42 AM
Security Audit — agent-trust-hub — datapackage