migrating-to-post-quantum-cryptography

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py helper script uses subprocess.run to call the local openssl executable. This is used specifically to test if the local OpenSSL installation can negotiate the X25519MLKEM768 hybrid group with a target server. The command is executed using a list of arguments, which is a secure practice that prevents shell injection.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions include commands to clone and build liboqs and oqs-provider from the Open Quantum Safe (OQS) GitHub organization. OQS is a well-established and trusted open-source project dedicated to PQC.
  • [EXTERNAL_DOWNLOADS]: The documentation references and encourages the use of established security tools like cryptography (via pip) and cdxgen (an OWASP-related tool) for building Cryptography Bill of Materials (CBOMs).
  • [DATA_EXFILTRATION]: The scan and hybrid-test commands in scripts/agent.py establish outbound TLS connections to user-specified hosts. These connections are used to inspect the server's certificate or test algorithm negotiation as part of a cryptographic audit. No sensitive data or credentials are exfiltrated from the local system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 01:39 PM
Security Audit — agent-trust-hub — migrating-to-post-quantum-cryptography