cupynumeric-migration-readiness
Fail
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill is a read-only static analysis tool that uses standard filesystem tools (Read, Grep, Glob) to inspect source code for migration patterns. It includes explicit instructions forbidding the agent from executing the analyzed code or modifying the local environment, which limits the potential for runtime exploits.
- [EXTERNAL_DOWNLOADS]: The utility script
scripts/fetch_api_support.pycontains URLs pointing to official NVIDIA documentation and GitHub Pages (docs.nvidia.com,nv-legate.github.io). These are used to update the API support manifest. Since NVIDIA is a recognized trusted organization, these download references are considered safe and represent intended functionality. - [SAFE]: An automated scanner alert for
numpy.infowas determined to be a false positive. The string appears in a manifest file (assets/api-support.md) as a reference to a standard NumPy API function and does not represent a connection to a malicious domain or host. - [PROMPT_INJECTION]: The instructions provided in
SKILL.mdand associated reference files were reviewed for malicious patterns. No attempts to override safety filters, bypass guidelines, or extract system prompts were detected.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata