Security Audit
dkyazzentwatwa/chatgpt-skills:data-quality-auditor
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:data-quality-auditor received a trust score of 46/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 3 medium, and 1 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via `load_csv` and rule loading, Arbitrary File Write via `generate_report`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via `load_csv` and rule loading.** The `load_csv` method and the CLI's rule loading mechanism directly use a user-provided `filepath` or `rules` argument without validation or sandboxing. An attacker could provide paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to exfiltrate their content. The `pandas.read_csv` function will attempt to read any file path it is given, and `json.load` will do the same for JSON rule files. *Remediation:* implement strict validation for file paths; restrict file access to a designated, sandboxed directory; prevent directory traversal (e.g., `../`); consider using a file picker or requiring explicit user confirmation for file access outside the designated working directory. | Static | scripts/data_quality_auditor.py:60 |
| HIGH | **Arbitrary File Write via `generate_report`.** The `generate_report` method directly uses a user-provided `output` filepath to write the generated report. This allows an attacker to specify an arbitrary file path on the system, potentially overwriting critical system files, writing malicious content to web server directories, or filling up disk space, leading to a denial of service or system compromise if the agent has sufficient write permissions. *Remediation:* implement strict validation for output file paths; restrict file writing to a designated, sandboxed directory; prevent directory traversal (e.g., `../`); consider requiring explicit user confirmation for file writes outside the designated working directory. | Static | scripts/data_quality_auditor.py:360 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `pandas>=2.0.0` is not pinned to an exact version. *Remediation:* pin Python dependencies with `==<exact version>`. | Dependencies | data-quality-auditor/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `numpy>=1.24.0` is not pinned to an exact version. *Remediation:* pin Python dependencies with `==<exact version>`. | Dependencies | data-quality-auditor/scripts/requirements.txt:2 |
| MEDIUM | **Regular Expression Denial of Service (ReDoS) via user-supplied patterns.** The `check_patterns`, `validate_column`, and `validate_dataset` methods allow users to supply arbitrary regular expression patterns, which are compiled directly with `re.compile`. A maliciously crafted regex (e.g., one with catastrophic backtracking) can consume excessive CPU resources, leading to a denial of service for the agent or the underlying system when processing data. *Remediation:* implement a timeout mechanism for regular expression matching (e.g., a custom regex engine or a library that supports timeouts); validate user-supplied regex patterns for complexity before compilation, or restrict the types of patterns allowed; consider using a safer, non-backtracking regex engine if available. | Static | scripts/data_quality_auditor.py:270 |
| LOW | **Unpinned dependencies in requirements.txt.** The `requirements.txt` file specifies minimum versions (`pandas>=2.0.0`, `numpy>=1.24.0`) rather than exact versions. While this allows for updates, it introduces a slight supply chain risk: a future minor or patch release of a dependency could introduce a vulnerability or breaking change without explicit review. For production environments or critical skills, pinning exact versions is generally recommended for reproducibility and security. *Remediation:* pin dependencies to exact versions (e.g., `pandas==2.0.0`, `numpy==1.24.0`) to ensure consistent environments and prevent unexpected issues from upstream package updates; use a dependency management tool (such as `pip-compile` from `pip-tools`) to manage exact versions while allowing for controlled updates. | Static | scripts/requirements.txt:1 |
Full report: https://skillshield.io/report/6ff27afb556af534 (powered by SkillShield)