yao-geo-brand-graph

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/collect_source_validation.py performs HTTP GET requests to verify the reachability of brand source URLs and extract page titles. This is a functional requirement for the skill's data verification process and uses standard Python libraries (urllib.request) with appropriate timeouts.
  • [COMMAND_EXECUTION]: The skill includes Python scripts for rendering reports (render_yao_geo_brand_graph.py) and validating data. These scripts perform file I/O and document generation (Word, PDF, HTML) based on structured JSON input, following safe coding practices without dynamic execution of untrusted code.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The source validation script handles external URLs, but it is limited to metadata collection (HTTP status and titles) and does not access sensitive local files or environment variables.
  • [SAFE]: The methodology documents (e.g., references/evidence-policy.md) explicitly incorporate privacy reviews and authorization checks, demonstrating a focus on data security and ethical handling of corporate information.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 10:56 AM
Security Audit — agent-trust-hub — yao-geo-brand-graph