semantic-lineage-mapper
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/quick_validate_skill.pyusessubprocess.runto execute the skill's internal contract test suite (tests/test_skill_contract.py). This is a legitimate utility for verifying the skill's integrity and portability. - [REMOTE_CODE_EXECUTION]: The test script
tests/test_skill_contract.pyuses the Pythoncompile()function to perform syntax validation on the skill's Python scripts. This is used solely for linting during the validation phase and does not execute the resulting code objects. - [PROMPT_INJECTION]: The skill includes adversarial test documentation and fixtures in
references/acceptance-tests.mdandtests/fixtures/adversarial.md. These are designed to verify that the agent correctly identifies and refuses attempts to bypass its operational logic or provide false confidence, which is a defensive security practice. - [SAFE]: The skill includes a contract test (
tests/test_skill_contract.py) that actively scans for hardcoded secrets or API keys within the skill files, demonstrating a proactive security posture.
Audit Metadata