Skills
skills/lllllllama/ai-research-workflow-skills/run-train/Gen Agent Trust Hub

run-train

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_training.py executes commands passed via the --command argument using subprocess.run. While it uses shlex.split to parse arguments, it allows execution of any binary available in the environment.
  • [REMOTE_CODE_EXECUTION]: The script scripts/write_outputs.py dynamically loads and executes a Python script from a path calculated relative to its own location (../../../shared/scripts/write_run_bundle.py) using importlib.util. This dynamic loading mechanism executes code from a path outside the skill's own directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by parsing the output of training commands. * Ingestion points: STDOUT and STDERR of the training process are captured and parsed in scripts/run_training.py. * Boundary markers: No delimiters or warnings are used when processing the command output. * Capability inventory: The skill can execute arbitrary subprocesses, read/write files, and access git status. * Sanitization: No sanitization or escaping is performed on the log data before regex extraction.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 14, 2026, 09:49 AM