run-train

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_training.py uses subprocess.run to execute shell commands provided via the --command argument. This is the core functionality intended for training execution.
  • [COMMAND_EXECUTION]: The script scripts/write_outputs.py uses importlib.util to dynamically load a shared module from a relative path (../../../shared/scripts/write_run_bundle.py) for standardized output handling.
  • [PROMPT_INJECTION]: The skill ingests untrusted training logs to extract metrics, posing a surface for indirect prompt injection.
  • Ingestion points: scripts/run_training.py captures stdout and stderr from the training process and parses them in parse_progress.
  • Boundary markers: Absent; logs are processed directly without delimiters or instruction-ignore warnings.
  • Capability inventory: subprocess.run in scripts/run_training.py allows execution of external commands.
  • Sanitization: Absent; log data is matched using regular expressions without additional validation or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 10:23 AM
Security Audit — agent-trust-hub — run-train