torchforge-rl-training
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [METADATA_POISONING]: The skill metadata and documentation repeatedly claim that
torchforgeis a "Meta library" and point to the domainmeta-pytorch.org. This domain and the associated GitHub organizationmeta-pytorchare not official Meta or PyTorch properties. This impersonation of a well-known organization is deceptive and may lead users to trust the software more than is warranted. - [EXTERNAL_DOWNLOADS]: The documentation instructs users to execute
./scripts/install.shand./scripts/install_rocm.sh. These scripts are described as handling the installation of "PyTorch nightly + dependencies," which involves downloading and executing code from external repositories. Since the contents of these scripts are not included in the skill files provided, their behavior cannot be fully audited. - [COMMAND_EXECUTION]: The skill provides numerous commands for environment setup and training execution (e.g.,
python -m apps.grpo.main). While typical for a development framework, these commands interact with a codebase (torchforge,monarch) that originates from an unverifiable and potentially deceptive source. - [INDIRECT_PROMPT_INJECTION]: The skill demonstrates a workflow for reading datasets from external sources like the HuggingFace Hub (e.g.,
openai/gsm8k). This creates an attack surface where malicious data in the dataset could potentially influence the behavior of the training processes or the agent using the skill. Evidence: - Ingestion points:
config/grpo_math.yaml(dataset path) - Boundary markers: Absent
- Capability inventory:
SKILL.md(subprocess calls via python -m) - Sanitization: Absent
Audit Metadata