run-train
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/run_training.py` executes arbitrary commands provided via the `--command` argument using `subprocess.run`. While the command is parsed with `shlex.split`, this provides a wide execution surface for any binary available in the environment.
- [REMOTE_CODE_EXECUTION]: The script `scripts/write_outputs.py` performs dynamic code loading and execution by using `importlib.util` to load a module from a path calculated at runtime (`../../../shared/scripts/write_run_bundle.py`). This allows the execution of code residing outside the skill's own directory.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection through its log parsing logic in `scripts/run_training.py`.
- Ingestion points: The skill captures and processes `stdout` and `stderr` from the training process.
- Boundary markers: None; the output is parsed directly by regular expressions without delimiters or instructions to ignore embedded content.
- Capability inventory: The skill can execute shell commands and load external Python modules.
- Sanitization: No sanitization or validation is performed on the log content before using regex to extract metrics and checkpoint names.
Audit Metadata