learning-graph-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or passwords were found in the scripts or configuration files.
- [DATA_EXFILTRATION] (SAFE): The scripts perform local file I/O (reading CSV/JSON, writing Markdown/CSV). There are no network requests, telemetry, or data transmission patterns to external domains.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns of downloading and executing remote scripts (e.g., curl | bash) were found. The tool uses a standard JSON schema for validation and does not use unsafe execution functions like eval() or exec() on external input.
- [COMMAND_EXECUTION] (SAFE): While the skill includes a shell script (validate-learning-graph.sh), it is a simple wrapper for a Python validation script and does not execute arbitrary or unsanitized user commands.
- [PROMPT_INJECTION] (SAFE): The markdown templates and documentation do not contain instructions designed to override agent behavior or bypass safety guardrails.
- [DYNAMIC_EXECUTION] (SAFE): The code uses standard libraries for processing structured data (json, csv). It does not dynamically generate or load executable code from untrusted sources.
Audit Metadata