dm-graph-traversal
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and a local utility script (
validate-query-parity.cjs) designed to validate the structure of JSON query payloads for Cognite Data Fusion. Analysis of the code and instructions shows no malicious patterns. - [COMMAND_EXECUTION]: The skill includes instructions to execute a local Node.js script for payload validation. This script uses only built-in Node.js modules (
node:fs,node:path) and performs safe JSON parsing and object property validation. It does not execute arbitrary shell commands, perform network operations, or use unsafe functions likeeval(). - [DATA_EXPOSURE]: No hardcoded credentials, API keys, or sensitive file paths were found in the skill files or example payloads.
- [PROMPT_INJECTION]: The instructions focus entirely on technical implementation details for graph traversal. There are no attempts to bypass safety filters, override agent instructions, or extract system prompts.
- [OBFUSCATION]: Several JSON example files contain a UTF-8 Byte Order Mark (BOM), which is a standard character encoding marker. The provided validation script explicitly handles and removes this marker before parsing, indicating legitimate usage rather than an attempt at obfuscation.
Audit Metadata