pymc
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
Finding: REMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The 'references/workflows.md' file includes code examples that use the 'pickle' module to save and load model objects. Specifically, 'pickle.load(f)' is demonstrated for loading model state. Because 'pickle' can execute arbitrary code during deserialization, this pattern is unsafe whenever the user loads a file that comes from an untrusted source. The skill does correctly suggest NetCDF as a safe alternative for storing results in other sections.
Audit Metadata