debug-model
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to load and execute models from the Hugging Face Hub using the trust_remote_code=True parameter. This is a common requirement for custom model architectures and allows for the execution of Python code defined within the remote repository.
- [COMMAND_EXECUTION]: The debugging protocol necessitates the execution of several user-generated Python scripts and shell commands within a pixi environment to extract model tensors and perform comparisons.
- [PROMPT_INJECTION]: The parallel agent workflow in references/agent-workflow.md involves a "Lead Agent" prompt that ingests data from external sources such as tensor comparison tables. This creates a surface for indirect prompt injection if the ingested data contains instructions designed to manipulate agent behavior.
  - Ingestion points: references/agent-workflow.md (Lead Agent Prompt).
  - Boundary markers: Relies on implicit delimiters such as <paste cos_sim table> and <list>.
  - Capability inventory: Includes Python execution and file system interaction as part of the core debugging functionality.
  - Sanitization: No validation or sanitization of the input comparison data is specified.
Audit Metadata