huawei-cloud-ascend-small-model-migrate
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes hardcoded default root credentials for the designated target server.
  - File: SKILL.md
  - Evidence: "ascend-server-01:22 (root/Hhuawei@smb)" listed under Default Environment.
- [COMMAND_EXECUTION]: The skill workflow relies on executing administrative shell commands on a remote server with root privileges.
  - File: SKILL.md, references/verification-method.md, references/troubleshooting.md
  - Evidence: Instructions use "ssh -p 22 root@ascend-server-01" and "docker exec -it skill-the bash" to perform configuration and inference tasks.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing software packages and container images from public registries.
  - File: SKILL.md, references/report-template.md
  - Evidence: Installation of "torch_npu", "ultralytics", and "msprof" via pip, and pulling the "quay.io/ascend/vllm-ascend" Docker image.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by processing untrusted model configuration files and directories.
  - Ingestion Point: The script "scripts/analyze_model.py" accepts a model path and parses its configuration using the transformers library.
  - Boundary Markers: None identified in the processing logic.
  - Capability Inventory: The skill possesses high-privilege shell access, package installation capabilities, and file system access.
  - Sanitization: No sanitization or validation of the input model path or the content of the configuration files is performed before processing.
Audit Metadata