skypilot-multi-cloud-orchestration

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a technical guide for using SkyPilot, a legitimate open-source framework for multi-cloud ML orchestration. No malicious instructions, obfuscation, or data exfiltration attempts were found.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the skypilot package and several widely-used machine learning libraries (such as torch, transformers, and deepspeed) from official package registries. These downloads are standard for the tool's intended purpose.
  • [COMMAND_EXECUTION]: The documentation includes numerous examples of shell commands for cluster management (sky launch, sky down), interactive access (ssh), and distributed training scripts (torchrun). These are necessary operations for infrastructure orchestration and model training.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates secure handling of API tokens (e.g., HF_TOKEN, WANDB_API_KEY) by recommending the use of environment variables and SkyPilot's built-in secrets management, successfully avoiding the risk of hardcoded credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 12:55 AM
Security Audit — agent-trust-hub — skypilot-multi-cloud-orchestration