semantic-lineage-mapper

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/quick_validate_skill.py uses subprocess.run to execute the skill's internal contract test suite (tests/test_skill_contract.py). This is a legitimate utility for verifying the skill's integrity and portability.
  • [REMOTE_CODE_EXECUTION]: The test script tests/test_skill_contract.py uses the Python compile() function to perform syntax validation on the skill's Python scripts. This is used solely for linting during the validation phase and does not execute the resulting code objects.
  • [PROMPT_INJECTION]: The skill includes adversarial test documentation and fixtures in references/acceptance-tests.md and tests/fixtures/adversarial.md. These are designed to verify that the agent correctly identifies and refuses attempts to bypass its operational logic or provide false confidence, which is a defensive security practice.
  • [SAFE]: The skill includes a contract test (tests/test_skill_contract.py) that actively scans for hardcoded secrets or API keys within the skill files, demonstrating a proactive security posture.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — semantic-lineage-mapper