networkx

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM

Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documents and encourages the use of pickle.load() and nx.read_gpickle() for graph serialization in references/io.md. Python's pickle module is insecure against erroneous or maliciously constructed data and can result in arbitrary code execution during deserialization.
  • [COMMAND_EXECUTION]: Integration with Graphviz via pydot and pygraphviz (references/io.md, references/visualization.md) involves executing external binaries, which could be exploited if file paths or contents are manipulated.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from various untrusted external formats (e.g., GraphML, GML, CSV, SQL) without boundary markers or sanitization.
    (1) Ingestion points: Multiple file reading functions in references/io.md such as read_graphml and read_edgelist.
    (2) Boundary markers: None present in the provided templates.
    (3) Capability inventory: File system write access (write_edgelist) and external tool execution (pydot).
    (4) Sanitization: No input validation or sanitization of graph attributes or labels.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 08:47 PM