eino-compose
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely composed of documentation and instructional material in Markdown format.\n
- Evidence: No executable scripts, binaries, or configuration files are present in the provided skill files.\n- [SAFE]: References to external repositories are limited to official vendor resources belonging to the skill author.\n
- Evidence: Code snippets and documentation refer to
github.com/cloudwego/eino, which is the official repository for the Eino framework developed by cloudwego.\n- [SAFE]: Operational instructions for the agent are task-specific and do not target safety filters or system prompts.\n - Evidence: The 'Instructions to Agent' section provides benign logic-based rules for assisting users with the framework (e.g., 'Default to Graph for most use cases').\n- [SAFE]: The skill describes patterns for building agents that process external data, creating a potential indirect prompt injection surface.\n
- Ingestion points: Node inputs in Graph, Chain, and Workflow components (SKILL.md, reference/workflow.md).\n
- Boundary markers: None explicitly mentioned in the documentation snippets provided.\n
- Capability inventory: Components like ToolsNode, LambdaNode, and ChatModelNode are described as having the capability to interact with external tools and models (reference/graph.md).\n
- Sanitization: Not discussed in the documentation, which focuses on orchestration logic rather than data validation.
Audit Metadata