AI Analysis
Final verdict: SUSPICIOUS
The package shows a moderate risk level due to its high obfuscation risk and limited maintainer information, despite having low risks in other categories.
- High obfuscation risk due to the presence of code execution patterns.
- Sparse maintainer information increases metadata risk.
Per-check LLM notes
- Network: No network calls detected, which is normal if the package does not require external communications.
- Shell: No shell execution patterns detected, indicating the package does not execute system commands.
- Obfuscation: The presence of patterns related to code execution like 'exec', 'eval', and '__import__' suggests potential for obfuscation or evasion techniques.
- Credentials: No clear signs of credential harvesting were detected.
- Metadata: The package is new and the maintainer's information is sparse, raising some concerns.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
struction override"), (re.compile(r"exec\s*\(|eval\s*\(|__import__\s*\(", re.IGNORECASE), "code exec
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: microsoft.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository microsoft/agent-governance-toolkit appears legitimate
Maintainer History
score 6.0
3 maintainer concern(s) found
- Only one version has ever been released — brand new package
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-rag-governance
Create a document retrieval and access control mini-application using the 'agent-rag-governance' Python package. This application will serve as a secure knowledge management system for a company, ensuring that employees only have access to documents relevant to their roles and responsibilities. The application should include the following core functionalities:

1. **User Authentication**: Implement a simple user authentication mechanism where users log in with their unique credentials (username and password).
2. **Document Storage and Retrieval**: Utilize a vector store to index and store company documents. Users should be able to search for documents based on keywords.
3. **Access Control Policies**: Define and enforce access control policies using 'agent-rag-governance'. For example, HR documents should only be accessible to HR personnel, while technical documents should be restricted to engineers.
4. **Policy Enforcement**: When a user searches for a document, the application should check against the defined policies before returning any results.
5. **Audit Logs**: Maintain an audit log of all access attempts and document retrievals for compliance and security purposes.
6. **User Interface**: Develop a simple web interface using Flask or a similar framework to interact with the application.

The 'agent-rag-governance' package will be utilized to manage the retrieval access control and enforce policies over the vector store. It ensures that sensitive information is protected and that each user only sees the documents they are authorized to view. Additionally, explore how you can extend the functionality of your application by integrating with external authentication services or enhancing the policy definition capabilities.