ml-experiment-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts using 'subprocess.check_output' to retrieve Git metadata (commit hash and branch name). This is a standard and safe practice for experiment tracking to ensure code reproducibility.
- [EXTERNAL_DOWNLOADS]: The documentation references standard installations of 'mlflow', 'wandb', and 'dvc' via official package registries (PyPI). These are well-known, trusted tools in the machine learning ecosystem.
- [CREDENTIALS_UNSAFE]: Example configurations in 'mlflow-setup.md' contain placeholder credentials such as 'postgresql://user:pass@localhost:5432/mlflow' and use environment variable placeholders like '${AWS_ACCESS_KEY_ID}'. These are used for illustrative purposes in documentation and do not represent hardcoded secrets.
- [DATA_EXFILTRATION]: No unauthorized network operations or data exfiltration patterns were found. All network-related snippets (MLflow tracking URI, WandB logging) are part of the intended functionality for experiment tracking to user-defined servers or services.
Audit Metadata