simready-foundation-create-package

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The script assets/scripts/sr_pkg_sample/_conformance_writer.py contains multiple calls to the eval() function within build_asset_results. It processes strings for 'dependencies' and 'failing requirements' retrieved from the validation engine's summary. Using eval() on data that could be influenced by external assets is a dangerous practice as it allows for arbitrary code execution. The safer ast.literal_eval() should be used for parsing Python literal structures.
  • [EXTERNAL_DOWNLOADS]: The setup_venv.sh script and requirements-package-sample.txt facilitate the download and installation of Python packages from https://pypi.nvidia.com/. These resources originate from the vendor's own infrastructure and are used for establishing the necessary runtime environment for the skill's bundled scripts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 22, 2026, 06:57 AM