agentmesh_openai_agents_trust

v3.6.0 suspicious
5.0
Medium Risk

Trust & governance layer for OpenAI Agents SDK — policy enforcement, trust-gated handoffs, and hash-chained audit trails

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential code injection due to the use of eval(), and there is some suspicion regarding the author's metadata. However, it does not exhibit other high-risk behaviors like network calls or shell executions.

  • High obfuscation risk due to eval()
  • Suspicious author metadata

Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: The use of eval() with dynamic input suggests potential for code injection and obfuscation.
  • Credentials: No direct evidence of credential harvesting patterns detected.
  • Metadata: The author's information is incomplete and they appear to be a new or inactive user, which raises some suspicion but not enough to conclusively determine malice.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 2 test file(s) detected (e.g. test_core.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3008 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 31 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • Matched line (truncated in extraction): tion(None, make_agent(), "Run eval('code')") assert result.tripwire_triggered is True
  • Note: eval('code') occurs inside a string literal passed as input next to a pytest-style assertion, so the match reads as test input for a guardrail check rather than an eval() call executed by the package itself; confirm against the source before treating it as an injection vector.

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: microsoft.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh_openai_agents_trust

Create a secure document management system (SDMS) that leverages the 'agentmesh_openai_agents_trust' package to ensure the integrity and confidentiality of documents handled within the system. This SDMS will enable users to upload, manage, and share documents while ensuring that all actions are governed by strict policies and are auditable. Here is a detailed plan on how to develop this mini-application:

1. **Setup Environment**: Begin by setting up your Python development environment and installing the necessary packages including 'agentmesh_openai_agents_trust'. Ensure you have access to an OpenAI API key to integrate with the OpenAI Agents SDK.

2. **Define User Roles and Policies**: Establish different user roles such as Admin, Editor, Viewer, etc., each with specific permissions over document creation, editing, viewing, and deletion. Use 'agentmesh_openai_agents_trust' to define these policies, ensuring that only authorized users can perform certain actions.

3. **Implement Document Upload Functionality**: Allow users to upload documents into the system. Each document should be automatically assigned a unique identifier and stored securely. Integrate 'agentmesh_openai_agents_trust' to enforce policies that restrict who can upload documents based on their role.

4. **Manage Document Access**: Implement a feature where users can specify who can view or edit their uploaded documents. Utilize 'agentmesh_openai_agents_trust' to create trust-gated handoffs, ensuring that only intended recipients receive the document and that all access requests are logged and audited.

5. **Audit Trails**: Enable a feature that logs every action taken on documents (upload, edit, delete, view). These logs should be hash-chained to prevent tampering and should be accessible to administrators. Use 'agentmesh_openai_agents_trust' to maintain these audit trails securely.

6. **User Interface**: Develop a simple yet intuitive web interface using Flask or Django that allows users to interact with the SDMS. Ensure that the UI reflects the current user's role and permissions as defined by 'agentmesh_openai_agents_trust'.

7. **Testing and Deployment**: Thoroughly test the application to ensure that all functionalities work as expected and that 'agentmesh_openai_agents_trust' enforces policies correctly. Deploy the application on a cloud platform like AWS or Heroku for easy access.

By following these steps, you'll create a robust and secure document management system that not only manages documents but also ensures compliance with set security policies through the use of 'agentmesh_openai_agents_trust'.