causal-assumption-scout
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/quick_validate_skill.pyusessubprocess.runto execute the skill's internal contract test (tests/test_skill_contract.py). This is a legitimate development workflow for validating the skill's integrity and uses the local Python interpreter. - [DYNAMIC_EXECUTION]: The test suite
tests/test_skill_contract.pyuses the Pythoncompile()function to perform syntax validation on other Python scripts within the package. This is a common static analysis technique and does not execute the code in a runtime context that poses a security risk. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest local data artifacts like SQL queries, schemas, and notebooks.
- Ingestion points: Data extracts, schemas, notebooks, SQL, and pipeline configs referenced in
SKILL.md. - Boundary markers: The instructions do not define specific delimiters for untrusted data but advise the agent to treat artifacts as evidence for judgment.
- Capability inventory: Local Python scripts for scoring and validation (
scripts/checklist_score.py). - Sanitization: No automated sanitization is performed, but the workflow is designed for human-in-the-loop review where the agent classifies risks rather than taking automated actions.
Audit Metadata