python-kwargs-setattr-security

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • Secure Coding Guidelines: The skill identifies a common vulnerability: user-controlled keyword arguments (kwargs) written straight onto an object with setattr(), which lets a caller set any attribute of the target, not just the ones the function meant to expose. It provides a structured remediation using an explicit allowlist of permitted attribute names.
  • Vulnerability Awareness: It correctly highlights specific dangerous attributes of ONNX Runtime's SessionOptions, such as optimized_model_filepath, which, if left settable by the caller, directs the runtime to write the optimized model to a caller-chosen path (an arbitrary file write).
  • Best Practices: The instructions promote a frozenset for the immutable allowlist and raising RuntimeError on rejected keys, consistent with the target project's error-handling conventions.
  • No Malicious Patterns: No evidence of prompt injection, data exfiltration, obfuscation, or unauthorized remote code execution was found. The skill serves purely as a defensive programming reference.
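The pattern the audit describes, shown as an added example (this is not code from the skill, from Gen Agent Trust Hub, or from ONNX Runtime): a stand-in SessionOptions class constructed here that only borrows a few attribute names from ONNX Runtime, the vulnerable kwargs-to-setattr function, a hasattr-only guard that still lets optimized_model_filepath through because it is a real attribute, and the allowlisted version that rejects anything outside a frozenset with RuntimeError. The function names, the stand-in class, and the contents of the allowlist are assumptions chosen for illustration.

```python
"""Allowlisting user-controlled kwargs before they reach setattr()."""
from __future__ import annotations

from typing import Any


class SessionOptions:
    """Stand-in for onnxruntime.SessionOptions (constructed for this example).

    It mirrors a few attribute names only; it does not reproduce ONNX Runtime
    behaviour. In the real class, a non-empty optimized_model_filepath makes
    the runtime write the optimized model to that path at session creation.
    """

    def __init__(self) -> None:
        self.intra_op_num_threads = 0
        self.inter_op_num_threads = 0
        self.enable_profiling = False
        self.optimized_model_filepath = ""  # the dangerous, file-writing knob


# Vulnerable: every kwarg becomes an attribute, whatever the caller passes.
def configure_unsafe(opts: SessionOptions, **kwargs: Any) -> SessionOptions:
    for name, value in kwargs.items():
        setattr(opts, name, value)
    return opts


# Still vulnerable: hasattr() only rejects names that do not exist. Attributes
# the library legitimately has, including optimized_model_filepath, pass.
def configure_hasattr_only(opts: SessionOptions, **kwargs: Any) -> SessionOptions:
    for name, value in kwargs.items():
        if not hasattr(opts, name):
            raise RuntimeError(f"unknown session option: {name}")
        setattr(opts, name, value)
    return opts


# Hardened: an explicit, immutable allowlist of the options this code path
# intends to expose (hypothetical selection for the example).
ALLOWED_SESSION_OPTIONS: frozenset[str] = frozenset({
    "intra_op_num_threads",
    "inter_op_num_threads",
    "enable_profiling",
})


def unknown_options(kwargs: dict[str, Any]) -> set[str]:
    """Return the kwarg names that are not on the allowlist."""
    return set(kwargs) - ALLOWED_SESSION_OPTIONS


def configure_safe(opts: SessionOptions, **kwargs: Any) -> SessionOptions:
    unknown = unknown_options(kwargs)
    if unknown:
        # Reject the whole call rather than silently dropping keys, so a
        # caller probing for writable attributes gets a clear error.
        raise RuntimeError(
            "unsupported session option(s): " + ", ".join(sorted(unknown))
        )
    for name, value in kwargs.items():
        setattr(opts, name, value)
    return opts


if __name__ == "__main__":
    attacker_kwargs = {"optimized_model_filepath": "/tmp/attacker.onnx"}  # constructed input
    print(configure_unsafe(SessionOptions(), **attacker_kwargs).optimized_model_filepath)
    print(configure_hasattr_only(SessionOptions(), **attacker_kwargs).optimized_model_filepath)
    try:
        configure_safe(SessionOptions(), **attacker_kwargs)
    except RuntimeError as exc:
        print("rejected:", exc)
```

The hasattr variant is included because it is the fix people reach for first; it narrows the attack surface to attributes the object already has, which is exactly the set that includes the dangerous ones. The allowlist is the inverse: only names the code path deliberately exposes are ever passed to setattr().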
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 01:51 PM
Security Audit — agent-trust-hub — python-kwargs-setattr-security