timesfm-forecasting
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of pre-trained model weights from official Google Research repositories on HuggingFace (e.g., google/timesfm-2.5-200m-pytorch). These downloads are essential for the skill's functionality and utilize a trusted service provider.
- [COMMAND_EXECUTION]: The script
scripts/check_system.pyexecutes hardcoded system commands likesysctlandvm_staton macOS to retrieve hardware specifications such as total and available RAM. These operations are restricted to non-sensitive system metadata used for environmental verification. - [SAFE]: Dependency verification in
scripts/check_system.pyuses dynamic imports with hardcoded package names ('timesfm', 'torch') to check for library presence, posing no risk of unauthorized code execution. - [SAFE]: The skill implements secure data handling by casting user-supplied CSV data to float32 arrays before inputting them into the numerical forecasting engine, effectively neutralizing any potential instructions or logic embedded in input files.
Audit Metadata