data-science-incident-rca

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, vulnerabilities, or suspicious behaviors were detected in the skill files.
  • [COMMAND_EXECUTION]: The script scripts/quick_validate_skill.py utilizes subprocess.run to call the internal contract test suite tests/test_skill_contract.py. This is used for local validation and is standard for the skill's documented architecture.
  • [REMOTE_CODE_EXECUTION]: The validation script tests/test_skill_contract.py uses the Python compile() function to verify the syntax of Python scripts within the skill directory. This operation is limited to local files and is used exclusively for structural validation.
  • [PROMPT_INJECTION]: The skill includes dedicated fixtures and instructions to test and ensure the agent maintains evidence boundaries and refuses to provide unverified confidence when faced with adversarial or high-pressure prompts.
  • [EXTERNAL_DOWNLOADS]: Documented URLs point to established industry reports, academic research, and the author's own GitHub repository for visual assets. These references are consistent with the skill's primary purpose and do not involve untrusted code execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — data-science-incident-rca