ai-data-readiness-triage

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/quick_validate_skill.py script uses subprocess.run to execute the project's internal test suite (tests/test_skill_contract.py). This is a local validation tool for developers and does not pose a threat to the execution environment.
  • [REMOTE_CODE_EXECUTION]: The compile() function is utilized in tests/test_skill_contract.py as a linting mechanism to verify the syntax of Python files within the skill package. It does not execute untrusted external code.
  • [DATA_EXFILTRATION]: Although the skill is designed to profile and analyze local data such as CSV files, schemas, and reports, it includes explicit instructions in SKILL.md and references/provider-interop.md to prevent the unauthorized upload of private data to external services.
  • [PROMPT_INJECTION]: The skill provides adversarial test fixtures in references/acceptance-tests.md and tests/fixtures/adversarial.md. These are used to benchmark the agent's ability to resist pressure to overclaim readiness and to identify missing information correctly.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — ai-data-readiness-triage