networkx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing the
networkxlibrary and its optional dependencies using theuv pippackage manager. These installation steps target the official Python Package Index (PyPI), which is a trusted repository. - [REMOTE_CODE_EXECUTION]: The
references/io.mdfile describes data persistence methods using thepicklemodule (pickle.loadandnx.read_gpickle). Deserialization usingpickleis inherently insecure as it can lead to arbitrary code execution if the graph files are sourced from untrusted parties. - [PROMPT_INJECTION]: The skill facilitates the ingestion of data from various external formats (GraphML, GML, JSON, CSV, SQL), which constitutes an attack surface for indirect prompt injection.
- Ingestion points: Data is read from external files using functions like
nx.read_graphml,nx.read_gml, andpd.read_sql_queryas documented inreferences/io.md. - Boundary markers: The skill does not define boundary markers or include instructions for the agent to ignore potentially malicious embedded content within the graph data.
- Capability inventory: The agent has capabilities to write files (
nx.write_*), export data to CSV, and generate interactive HTML visualizations (net.show). - Sanitization: There are no suggested validation or sanitization routines for the data before it is processed by the graph algorithms.
Audit Metadata