cuopt-developer
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for running local build and test commands such as
./build.sh,pytest,ctest, andpre-commit. These are standard developer operations, and the skill includes explicit safety rules requiring user confirmation before executing destructive or irreversible commands. - [EXTERNAL_DOWNLOADS]: The skill facilitates cloning the source code from NVIDIA's official GitHub repository and references official documentation for downloading test datasets. These operations target trusted vendor infrastructure and are documented with neutral, informative language.
- [DYNAMIC_EXECUTION]: The Python implementation uses
importlib.import_modulefor lazy-loading submodules within thecuoptpackage. This is implemented using a hardcoded whitelist of allowed submodules, which prevents the loading of arbitrary or untrusted modules. - [DATA_EXFILTRATION]: No patterns of data exfiltration or hardcoded credentials were detected. Git operations are restricted to standard development workflows involving cloning and pushing to authorized forks.
Audit Metadata