privacy-preserving-ds

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/quick_validate_skill.py uses subprocess.run to call tests/test_skill_contract.py. This is a controlled execution of local scripts for the purpose of validating the skill folder's integrity and adherence to the required structure.
  • [SAFE]: The use of the compile() function in tests/test_skill_contract.py is limited to performing syntax checks on Python files within the repository. The compiled code is never executed, making it a safe method for verifying code validity during testing.
  • [PROMPT_INJECTION]: Adversarial prompt examples are included in references/acceptance-tests.md and tests/fixtures/adversarial.md. These are part of a benchmarking suite used to ensure the agent correctly identifies and refuses attempts to bypass safety filters or ignore privacy red flags.
  • [SAFE]: The skill contains scripts for profiling data and scoring checklists locally. These tools utilize standard Python libraries to process user-provided files within the workspace, and no evidence of data exfiltration or remote connections was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — privacy-preserving-ds