messy-data-cleanroom

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/quick_validate_skill.py uses subprocess.run to execute the local contract test tests/test_skill_contract.py. This is a standard and safe implementation for a self-validation suite within a development skill.
  • [DYNAMIC_EXECUTION]: The test file tests/test_skill_contract.py uses the Python compile() function to perform syntax validation on the skill's scripts. This is used strictly for linting purposes during automated tests to ensure script integrity.
  • [DATA_EXPOSURE]: The skill is designed to process local datasets (e.g., via scripts/profile_table.py). Analysis confirms it uses standard CSV parsing and does not contain any logic for data exfiltration or unauthorized network access.
  • [PROMPT_INJECTION]: The skill includes 'Adversarial' fixtures (e.g., tests/fixtures/adversarial.md) specifically designed to test and harden the agent against prompt injection attempts that try to force overconfident results or bypass safety warnings.
  • [SAFE]: The workflow documentation (SKILL.md) and operational guidelines (references/playbook.md) emphasize data integrity, transparency, and 'owner decision' gates, which are industry best practices for secure and auditable data science.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — messy-data-cleanroom