text-generation-inference
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official Docker container images from the Hugging Face organization's GitHub Container Registry (ghcr.io/huggingface/text-generation-inference). These are trusted images from a well-known service provider.
- [COMMAND_EXECUTION]: Provides instructions for the use of the `--trust-remote-code` flag with the text-generation-launcher. This is a standard configuration that allows the inference server to execute custom modeling code bundled with specific models from the Hugging Face Hub.
- [PROMPT_INJECTION]: The skill establishes an interface for processing external, untrusted data via LLM inference APIs, which constitutes a vulnerability surface for indirect prompt injection.
  - Ingestion points: External data is processed via the `/generate` and `/v1/chat/completions` REST API endpoints, and through the corresponding Python client methods (`text_generation`, `chat_completion`).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are included in the example implementation.
  - Capability inventory: The skill facilitates server execution via Docker and the TGI launcher, enabling network listening and file system access for model storage.
  - Sanitization: No input validation or sanitization of user-provided content is demonstrated in the provided code snippets.
Audit Metadata