experiment-provenance-ledger
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill's design focuses on preserving experiment history through metadata collection. No evidence of malicious intent or hidden payloads was found across the instruction files or scripts.
- [COMMAND_EXECUTION]: The script 'scripts/capture_provenance.py' executes 'git' via 'subprocess' to capture version control state (commit hash and dirty status), which is essential for tracking experiment reproducibility.
- [COMMAND_EXECUTION]: The utility 'scripts/quick_validate_skill.py' runs the bundled test suite using 'subprocess.run' to ensure the skill environment is correctly configured.
- [SAFE]: The contract test 'tests/test_skill_contract.py' utilizes 'compile()' to verify the syntactic integrity of the skill's Python scripts, serving as a static analysis tool within the development workflow.
- [EXTERNAL_DOWNLOADS]: Documentation references several public research repositories and informational sites (e.g., MLflow, Microsoft Research, arXiv). These are standard academic/industry references and do not involve automated execution of untrusted code.
Audit Metadata