cupynumeric-migration-readiness

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill is a read-only static analysis tool that uses standard filesystem tools (Read, Grep, Glob) to inspect source code for migration patterns. It includes explicit instructions forbidding the agent from executing the analyzed code or modifying the local environment, which limits the potential for runtime exploits.
  • [EXTERNAL_DOWNLOADS]: The utility script scripts/fetch_api_support.py contains URLs pointing to official NVIDIA documentation and GitHub Pages (docs.nvidia.com, nv-legate.github.io). These are used to update the API support manifest. Since NVIDIA is a recognized trusted organization, these download references are considered safe and represent intended functionality.
  • [SAFE]: An automated scanner alert for numpy.info was determined to be a false positive. The string appears in a manifest file (assets/api-support.md) as a reference to a standard NumPy API function and does not represent a connection to a malicious domain or host.
  • [PROMPT_INJECTION]: The instructions provided in SKILL.md and associated reference files were reviewed for malicious patterns. No attempts to override safety filters, bypass guidelines, or extract system prompts were detected.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — cupynumeric-migration-readiness