fair-simulation-packager
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
scripts/fair_packager.py) to process simulation data and generate reproducibility manifests. This script uses standard libraries to perform file operations and metadata collection. - [DATA_EXFILTRATION]: The tool captures the current working directory using
os.getcwd()and includes it in theprovenancemetadata field. This exposes the environment's directory structure within the generated manifest. - [DATA_EXFILTRATION]: The script reads files from arbitrary paths provided via CLI arguments to compute SHA-256 hashes and sizes. The documentation clarifies that absolute paths and directory traversal (
..) are supported to facilitate comprehensive inventorying of simulation results, allowing the tool to access files across the filesystem for metadata profiling.
Audit Metadata