finetuning-technique
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
scripts/get_recipes.py) to query SageMaker Hub content. This is a legitimate operation for a skill provided by 'awslabs'. - [PROMPT_INJECTION]: The skill uses variables
<model-name>and<hub-name>in a command-line call, creating a surface for indirect prompt injection. - Ingestion points: These variables are sourced from user input or preceding agent context as described in
SKILL.md. - Boundary markers: The instructions do not use specific markers or delimiters to isolate the untrusted data from the command context.
- Capability inventory: The skill possesses the capability to execute arbitrary local scripts with arguments via the shell.
- Sanitization: No explicit sanitization or validation of the model or hub names is performed before they are interpolated into the shell command.
Audit Metadata