run-train
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/run_training.pyusessubprocess.runto execute shell commands provided via the--commandargument. This is the core functionality intended for training execution. - [COMMAND_EXECUTION]: The script
scripts/write_outputs.pyusesimportlib.utilto dynamically load a shared module from a relative path (../../../shared/scripts/write_run_bundle.py) for standardized output handling. - [PROMPT_INJECTION]: The skill ingests untrusted training logs to extract metrics, posing a surface for indirect prompt injection.
- Ingestion points:
scripts/run_training.pycapturesstdoutandstderrfrom the training process and parses them inparse_progress. - Boundary markers: Absent; logs are processed directly without delimiters or instruction-ignore warnings.
- Capability inventory:
subprocess.runinscripts/run_training.pyallows execution of external commands. - Sanitization: Absent; log data is matched using regular expressions without additional validation or sanitization.
Audit Metadata