ml-training

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill defines training loops that ingest data through DataLoader objects, creating an indirect prompt injection surface.\n
  • Ingestion points: Data ingestion occurs in the train_one_epoch and validate functions in SKILL.md.\n
  • Boundary markers: The implementation lacks explicit delimiters to distinguish data from instructions.\n
  • Capability inventory: The skill demonstrates file system access for checkpointing (torch.save) and environment variable access in SKILL.md.\n
  • Sanitization: No validation or filtering of input data is present in the blueprints.\n- [REMOTE_CODE_EXECUTION]: The code snippets for loading checkpoints utilize torch.load(), which uses the pickle module for deserialization.\n
  • Evidence: Found in the load_checkpoint function in SKILL.md.\n
  • Context: This is a standard ecosystem pattern but can lead to arbitrary code execution if untrusted files are loaded.\n- [EXTERNAL_DOWNLOADS]: The skill provides links to official documentation from trusted entities.\n
  • Evidence: Includes links to PyTorch, TensorFlow, JAX, Flax, Hugging Face, and scikit-learn documentation.\n
  • Status: These are safe, neutral references to industry-standard resources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:40 AM
Security Audit — agent-trust-hub — ml-training