dm-graph-traversal

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and a local utility script (validate-query-parity.cjs) designed to validate the structure of JSON query payloads for Cognite Data Fusion. Analysis of the code and instructions shows no malicious patterns.
  • [COMMAND_EXECUTION]: The skill includes instructions to execute a local Node.js script for payload validation. This script uses only built-in Node.js modules (node:fs, node:path) and performs safe JSON parsing and object property validation. It does not execute arbitrary shell commands, perform network operations, or use unsafe functions like eval().
  • [DATA_EXPOSURE]: No hardcoded credentials, API keys, or sensitive file paths were found in the skill files or example payloads.
  • [PROMPT_INJECTION]: The instructions focus entirely on technical implementation details for graph traversal. There are no attempts to bypass safety filters, override agent instructions, or extract system prompts.
  • [OBFUSCATION]: Several JSON example files contain a UTF-8 Byte Order Mark (BOM), which is a standard character encoding marker. The provided validation script explicitly handles and removes this marker before parsing, indicating legitimate usage rather than an attempt at obfuscation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:45 AM
Security Audit — agent-trust-hub — dm-graph-traversal