ml-training
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill defines training loops that ingest data through DataLoader objects, creating an indirect prompt injection surface.\n
- Ingestion points: Data ingestion occurs in the
train_one_epochandvalidatefunctions inSKILL.md.\n - Boundary markers: The implementation lacks explicit delimiters to distinguish data from instructions.\n
- Capability inventory: The skill demonstrates file system access for checkpointing (
torch.save) and environment variable access inSKILL.md.\n - Sanitization: No validation or filtering of input data is present in the blueprints.\n- [REMOTE_CODE_EXECUTION]: The code snippets for loading checkpoints utilize torch.load(), which uses the pickle module for deserialization.\n
- Evidence: Found in the
load_checkpointfunction inSKILL.md.\n - Context: This is a standard ecosystem pattern but can lead to arbitrary code execution if untrusted files are loaded.\n- [EXTERNAL_DOWNLOADS]: The skill provides links to official documentation from trusted entities.\n
- Evidence: Includes links to PyTorch, TensorFlow, JAX, Flax, Hugging Face, and scikit-learn documentation.\n
- Status: These are safe, neutral references to industry-standard resources.
Audit Metadata