networkx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION)
Full Analysis
- [Dynamic Execution] (MEDIUM): The file `references/io.md` includes code examples for using `pickle.load()` and `nx.read_gpickle()`, which are vulnerable to arbitrary code execution.
  - Evidence: Code snippets such as `G = pickle.load(f)` and `nx.read_gpickle(G, 'graph.gpickle')` demonstrate loading serialized Python objects from the filesystem.
  - Risk: The `pickle` module is inherently insecure. If an agent follows these examples to process a file provided by an untrusted source, it could lead to full system compromise through remote code execution (RCE).
- [Indirect Prompt Injection] (LOW): The skill documents a large surface area for ingesting untrusted data from various file formats and databases.
  - Ingestion points: `references/io.md` describes methods to read from adjacency lists, edge lists, GML, GraphML, JSON, CSV, and SQL databases.
  - Boundary markers: The provided examples do not demonstrate the use of boundary markers or instructions to ignore embedded commands within the graph data.
  - Capability inventory: The skill allows for significant filesystem interaction (reading/writing) and database operations via `sqlite3`.
  - Sanitization: There is no evidence of data sanitization or schema validation in the provided documentation examples.
Audit Metadata