experiment-provenance-ledger

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill's design focuses on preserving experiment history through metadata collection. No evidence of malicious intent or hidden payloads was found across the instruction files or scripts.
  • [COMMAND_EXECUTION]: The script 'scripts/capture_provenance.py' executes 'git' via 'subprocess' to capture version control state (commit hash and dirty status), which is essential for tracking experiment reproducibility.
  • [COMMAND_EXECUTION]: The utility 'scripts/quick_validate_skill.py' runs the bundled test suite using 'subprocess.run' to ensure the skill environment is correctly configured.
  • [SAFE]: The contract test 'tests/test_skill_contract.py' utilizes 'compile()' to verify the syntactic integrity of the skill's Python scripts, serving as a static analysis tool within the development workflow.
  • [EXTERNAL_DOWNLOADS]: Documentation references several public research repositories and informational sites (e.g., MLflow, Microsoft Research, arXiv). These are standard academic/industry references and do not involve automated execution of untrusted code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — experiment-provenance-ledger