pygraphistry-gfql
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by generating graph queries based on user-provided input fragments.
  - Ingestion points: User-derived query fragments are ingested as part of the GFQL construction process described in SKILL.md.
  - Boundary markers: No explicit delimiters or markers are used to isolate user input in the provided code snippets.
  - Capability inventory: The skill has the capability to execute remote queries via `gfql_remote` and run server-side Python logic via `python_remote_table`.
  - Sanitization: The skill contains a 'Validation and safety' section requiring the agent to 'Validate user-derived query fragments before execution'.
- [COMMAND_EXECUTION]: Uses the `python_remote_table` method to send Python lambda functions to a remote Graphistry server for execution. This is an intended capability of the Graphistry SDK for offloading graph computations.
- [EXTERNAL_DOWNLOADS]: References official documentation and routing metadata from pygraphistry.readthedocs.io. These resources are provided by the library's official documentation host.
Audit Metadata