profile-model
Fail
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/gpu_snapshot.pyaccepts a command string via the--runargument and executes it usingsubprocess.Popen(..., shell=True). This implementation allows the execution of arbitrary shell commands if the agent passes unvalidated user input to the script. - [REMOTE_CODE_EXECUTION]: The profiling workflow for custom architectures described in
references/custom-architectures.mdinstructs the agent to dynamically import Python modules from user-specified directories by modifyingsys.path. This provides a mechanism for the execution of arbitrary code from the local filesystem. - [EXTERNAL_DOWNLOADS]: The skill fetches the
modularpackage and other dependencies from the vendor's official nightly repository (conda.modular.com) and the well-knownconda-forgeregistry. These are documented as trusted or well-known service references.
Recommendations
- AI detected serious security threats
Audit Metadata