causal-assumption-scout

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/quick_validate_skill.py uses subprocess.run to execute the skill's internal contract test (tests/test_skill_contract.py). This is a legitimate development workflow for validating the skill's integrity and uses the local Python interpreter.
  • [DYNAMIC_EXECUTION]: The test suite tests/test_skill_contract.py uses the Python compile() function to perform syntax validation on other Python scripts within the package. This is a common static analysis technique and does not execute the code in a runtime context that poses a security risk.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest local data artifacts like SQL queries, schemas, and notebooks.
  • Ingestion points: Data extracts, schemas, notebooks, SQL, and pipeline configs referenced in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters for untrusted data but advise the agent to treat artifacts as evidence for judgment.
  • Capability inventory: Local Python scripts for scoring and validation (scripts/checklist_score.py).
  • Sanitization: No automated sanitization is performed, but the workflow is designed for human-in-the-loop review where the agent classifies risks rather than taking automated actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — causal-assumption-scout