networkx
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Documentation in references/io.md provides examples that use pickle.load() and nx.read_gpickle() to deserialize graph data. The pickle module is inherently insecure: if a malicious file is supplied, it can execute arbitrary Python code during loading.
- [DATA_EXFILTRATION]: The skill includes numerous capabilities for reading and writing data on the local file system (e.g., nx.write_graphml, nx.read_edgelist). While these are standard library features, they allow reading potentially sensitive local files or writing unauthorized content to disk.
- [PROMPT_INJECTION]: The skill's ingestion of complex data formats (such as GraphML, GML, and JSON) from external files creates an attack surface for indirect prompt injection. Malicious instructions embedded in graph attributes could influence the agent's logic during processing.
  - Ingestion points: read_graphml, read_gexf, read_gml, and json.load in references/io.md.
  - Boundary markers: None mentioned; file content is parsed directly into the graph's internal data structures.
  - Capability inventory: Extensive file system access (read/write) and execution of analytical algorithms.
  - Sanitization: No demonstrated sanitization or validation of node/edge attribute data.
- [COMMAND_EXECUTION]: The file SKILL.md includes shell commands for installation (uv pip install networkx), which demonstrates interaction with the system shell to manage dependencies.
Audit Metadata