dataset-contract-forensics

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill incorporates local Python scripts for validation and data profiling tasks.
  • scripts/quick_validate_skill.py uses subprocess.run to execute the skill's internal test contract.
  • tests/test_skill_contract.py employs the compile() function as a linter to ensure Python files in the repository are syntactically correct.
  • [PROMPT_INJECTION]: The repository contains adversarial prompt fixtures used to verify the agent's adherence to its mission and operating rules under pressure.
  • tests/fixtures/adversarial.md and references/acceptance-tests.md include instructions for the agent to resist commands to "ignore warnings" or provide "false confidence."
  • [EXTERNAL_DOWNLOADS]: The skill references external visual assets for documentation purposes.
  • README.md and tests/test_skill_contract.py point to PNG images hosted on raw.githubusercontent.com within the author's official repository.
  • [SAFE]: The skill demonstrates security maturity by including an automated check for hardcoded secrets (API keys, tokens) within its validation suite in tests/test_skill_contract.py.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — dataset-contract-forensics