llava

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to clone the official LLaVA repository from GitHub and download pre-trained model weights from Hugging Face. These sources are well-known and standard for open-source AI research.
  • [COMMAND_EXECUTION]: Includes bash commands for environment setup via pip, CLI inference, and training using DeepSpeed. These are typical operations for managing and running local AI models.
  • [PROMPT_INJECTION]: As a vision-language assistant, the skill processes external images and text. This creates a surface for indirect prompt injection (e.g., instructions hidden in images), but this is a characteristic of the model's intended multimodal functionality and no malicious prompts are provided by the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 12:55 AM
Security Audit — agent-trust-hub — llava