torchforge-rl-training

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [METADATA_POISONING]: The skill metadata and documentation repeatedly claim that torchforge is a "Meta library" and point to the domain meta-pytorch.org. This domain and the associated GitHub organization meta-pytorch are not official Meta or PyTorch properties. This impersonation of a well-known organization is deceptive and may lead users to trust the software more than is warranted.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to execute ./scripts/install.sh and ./scripts/install_rocm.sh. These scripts are described as handling the installation of "PyTorch nightly + dependencies," which involves downloading and executing code from external repositories. Since the contents of these scripts are not included in the skill files provided, their behavior cannot be fully audited.
  • [COMMAND_EXECUTION]: The skill provides numerous commands for environment setup and training execution (e.g., python -m apps.grpo.main). While typical for a development framework, these commands interact with a codebase (torchforge, monarch) that originates from an unverifiable and potentially deceptive source.
  • [INDIRECT_PROMPT_INJECTION]: The skill demonstrates a workflow for reading datasets from external sources like the HuggingFace Hub (e.g., openai/gsm8k). This creates an attack surface where malicious data in the dataset could potentially influence the behavior of the training processes or the agent using the skill. Evidence:
  • Ingestion points: config/grpo_math.yaml (dataset path)
  • Boundary markers: Absent
  • Capability inventory: SKILL.md (subprocess calls via python -m)
  • Sanitization: Absent
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 12:55 AM
Security Audit — agent-trust-hub — torchforge-rl-training