skills/modular/skills/profile-model/Gen Agent Trust Hub

profile-model

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/gpu_snapshot.py accepts a command string via the --run argument and executes it using subprocess.Popen(..., shell=True). This implementation allows the execution of arbitrary shell commands if the agent passes unvalidated user input to the script.
  • [REMOTE_CODE_EXECUTION]: The profiling workflow for custom architectures described in references/custom-architectures.md instructs the agent to dynamically import Python modules from user-specified directories by modifying sys.path. This provides a mechanism for the execution of arbitrary code from the local filesystem.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the modular package and other dependencies from the vendor's official nightly repository (conda.modular.com) and the well-known conda-forge registry. These are documented as trusted or well-known service references.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 08:05 AM
Security Audit — agent-trust-hub — profile-model