universal-captp-derivation

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Python one-liners (e.g., python3 -c "import duckdb; ...") to query and display data from local database files such as culture_evolution.duckdb and gh_interactome.duckdb.
  • [DATA_EXPOSURE]: The skill performs SELECT * operations on multiple database tables, including derivation_chains, expert_triads, and now_superposition, printing the results to the agent's context. This is the intended functional behavior of the skill for capability analysis.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external database files (culture_evolution.duckdb, gh_interactome.duckdb) into the agent's context.
  • Ingestion points: Local DuckDB database files accessed via Python commands in SKILL.md.
  • Boundary markers: Absent; data is printed directly to standard output.
  • Capability inventory: Python shell execution with DuckDB read access.
  • Sanitization: No explicit filtering or sanitization is performed on the database contents before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:50 PM
Security Audit — agent-trust-hub — universal-captp-derivation