triton-operator-precision-eval
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill employs the
eval()function to dynamically resolve PyTorch data types from string inputs. This pattern is inherently dangerous as it allows for arbitrary Python code execution if the input variable (dtype) is sourced from untrusted user prompts or external files. - Evidence in
scripts/test_common.py: Functionsgenerate_tensorand others useeval('torch.' + dtype)to instantiate tensors. - Evidence in
examples/generate_layer_norm_report.py: Thegenerate_reportfunction useseval('torch.' + dtype)when moving tensors to the NPU device.
Audit Metadata