llm-fine-tuning-skill
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest untrusted external data, creating an attack surface for indirect prompt injection.
  - Ingestion points: In `stages/01-investigation/investigation-guide.md`, the agent is directed to read and analyze external source code, documentation, papers, and dataset manifests.
  - Boundary markers: The workflow templates (e.g., `stages/01-investigation/investigation-notes-template.md`) lack explicit delimiters or instructions to ignore or isolate potential prompts embedded within the ingested external content.
  - Capability inventory: The skill uses capabilities including file system modification (Stage 4) and command execution for training and evaluation (Stage 5), as documented in `stages/04-implementation/implementation-template.md` and `stages/05-training-and-validation/training-validation-template.md`.
  - Sanitization: There is no requirement or instruction for the agent to sanitize or validate retrieved content from external sources before it influences code generation or execution.
- [COMMAND_EXECUTION]: The skill facilitates the generation and subsequent execution of shell commands and scripts.
  - Evidence: `stages/04-implementation/implementation-template.md` tracks the creation and modification of scripts and configs in the Change Inventory, while `stages/05-training-and-validation/training-validation-template.md` records the exact commands executed for training and validation runs.
- [NO_CODE]: The skill itself consists of Markdown guides and YAML configuration without containing executable scripts or binary files, though it instructs the agent to produce and run them.