networkx
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION]: The documentation in `references/io.md` includes examples of using `pickle.load()` and `nx.read_gpickle()` for graph serialization. Python's `pickle` module is fundamentally insecure, as it can execute arbitrary code during the deserialization of data from untrusted sources.
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of data from various external sources such as CSV, JSON, and GraphML files, which creates a potential surface for indirect prompt injection.
  - Ingestion points: Multiple functions in `references/io.md` (e.g., `read_edgelist`, `read_graphml`, `read_json`) load external data into the agent's context.
  - Boundary markers: No explicit instructions or delimiters are provided to the agent to distinguish untrusted data from instructions.
  - Capability inventory: The skill permits file reading/writing and complex data processing.
  - Sanitization: No data validation or sanitization steps are documented for the external data before it is processed.
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing well-known and trusted Python libraries such as `networkx`, `pandas`, and `matplotlib` from official package registries.
Audit Metadata