nemo-curator

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides configuration and code examples for using the official NVIDIA NeMo Curator library. All referenced dependencies (nemo-curator, cudf, dask, rapids) are well-known, legitimate packages in the RAPIDS and NVIDIA ecosystems. No obfuscation or malicious logic was detected.
  • [EXTERNAL_DOWNLOADS]: Fetches pre-trained models for classification and embedding tasks from trusted repositories, including Hugging Face (sentence-transformers, CLIP) and NVIDIA's official model registry. These downloads are standard for the skill's intended purpose of data curation.
  • [PROMPT_INJECTION]: While the skill ingests potentially untrusted data from web scrapes (e.g., Common Crawl) via DocumentDataset.read_parquet, its operations are limited to data transformation, filtering, and redaction. It lacks dangerous capabilities such as shell execution or dynamic code evaluation on the processed data content, mitigating risks associated with indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 05:50 PM