openai-security-ownership-map
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or extract system prompts were found.
- [DATA_EXFILTRATION] (SAFE): Git repository analysis is performed locally and outputs are written to the local filesystem. No network exfiltration or sensitive data exposure was identified.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing 'networkx' via pip. As a standard package from a trusted ecosystem used for its intended purpose, this is considered safe per [TRUST-SCOPE-RULE].
- [COMMAND_EXECUTION] (SAFE): The script 'run_ownership_map.py' uses 'subprocess.run' with list-based arguments to call other local scripts, which safely avoids shell injection vulnerabilities.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes untrusted git log data (ingestion point), it generates structured artifacts (CSV/JSON/GraphML) and uses safe subcommand execution with list-based arguments, minimizing the risk of malicious data influencing agent behavior.
Audit Metadata