fair-simulation-packager

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/fair_packager.py) to process simulation data and generate reproducibility manifests. This script uses standard libraries to perform file operations and metadata collection.
  • [DATA_EXFILTRATION]: The tool captures the current working directory using os.getcwd() and includes it in the provenance metadata field. This exposes the environment's directory structure within the generated manifest.
  • [DATA_EXFILTRATION]: The script reads files from arbitrary paths provided via CLI arguments to compute SHA-256 hashes and sizes. The documentation clarifies that absolute paths and directory traversal (..) are supported to facilitate comprehensive inventorying of simulation results, allowing the tool to access files across the filesystem for metadata profiling.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 12:02 AM
Security Audit — agent-trust-hub — fair-simulation-packager