external-gitcode-ascend-triton-operator-performance-eval
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using the `msprof` and `msprof op` utility tools to gather performance metrics. These operations are core to the skill's purpose of NPU performance evaluation.
- [REMOTE_CODE_EXECUTION]: Reference documentation in `references/profiling-tools.md` contains Python code samples that employ `subprocess.run` with `shell=True`. This implementation is vulnerable to command injection if the variables for kernel names or file paths are populated with unsanitized user input or malicious content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on parsing and analyzing external data files (CSV and JSON profiling reports) generated by the msprof tools.
  - Ingestion points: Profiling data output files (e.g., `op_summary.csv`, `ArithmeticUtilization.csv`) are read using the Pandas library in `references/performance-data-analysis.md` and `references/profiling-tools.md`.
  - Boundary markers: No specific delimiters or security warnings are used when reading these files; the agent treats the content as authoritative data for its analysis.
  - Capability inventory: The skill environment allows for shell command execution via the `msprof` utility and Python's `subprocess` module.
  - Sanitization: There is no evidence of content validation or sanitization for the data being read from the profiling output files before it influences the agent's logic.