dspy
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation for the official DSPy library. The content is educational and aligns with the stated purpose of teaching LM programming. Analysis of indirect prompt injection surfaces (such as RAG and agent patterns) indicates these are documented features of the framework intended for processing structured data.\n- [EXTERNAL_DOWNLOADS]: The skill provides installation commands for the 'dspy' package from PyPI and its official GitHub repository (stanfordnlp/dspy). These sources are well-known and reputable within the AI research community.\n- [COMMAND_EXECUTION]: Code examples demonstrate the use of a calculator tool using Python's eval() function. This is provided for instructional purposes to show how agents can interact with tools.\n- [REMOTE_CODE_EXECUTION]: The documentation describes the ProgramOfThought module, which generates and executes Python code for reasoning tasks. This is an intended and documented feature of the framework.\n- [DATA_EXFILTRATION]: Analysis found no evidence of unauthorized data access or transmission. Code examples demonstrate best practices for managing API keys using environment variables.
Audit Metadata