miles-rl-training
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to pull a Docker image (radixark/miles:latest) and clone a repository from an unverified third-party GitHub account (https://github.com/radixark/miles.git).
- [COMMAND_EXECUTION]: The documentation includes commands to install and execute the retrieved third-party code (pip install -e . and python train.py), which can result in the execution of unverified logic.
- [PROMPT_INJECTION]: The skill metadata contains deceptive author information, identifying the creator as 'Orchestra Research' while the provided author identity is 'akillness'.
Audit Metadata