networkx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): Documentation for
pickle.load()andnx.read_gpickle()inreferences/io.mdrepresents a potential security risk. - Evidence: The file
references/io.mdexplicitly demonstrates how to usepickle.load(f)andnx.read_gpickle('graph.gpickle'). - Risk: If an agent or user follows these examples to load a graph file from an untrusted external source, it could lead to arbitrary code execution (ACE) because the Python
picklemodule can execute arbitrary code during deserialization.
Audit Metadata