fine-tuning-gpt-5-gpu-kernel
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data (PyTorch reference implementations provided by a user). Ingestion points: The agent is instructed to extract and process user-supplied code (SKILL.md, Step 1). Boundary markers: No explicit boundary markers or 'ignore' instructions for the processed code are provided. Capability inventory: The skill requires execution of code via the Python interpreter and Triton compiler (Step 4, 5, 6). Sanitization: No sanitization or sandboxing procedures for user-provided code are described.
- [COMMAND_EXECUTION]: The primary workflow involves executing generated and user-provided code to validate correctness and measure performance (e.g., executing
torch.allcloseandtriton.testing.do_benchin steps 4 and 7). This allows the execution of code influenced by external input. - [DYNAMIC_EXECUTION]: The skill relies on generating and compiling Triton kernels at runtime using
triton.jit. This is the intended purpose of the skill, but it involves the runtime execution of dynamically created content which may incorporate user-supplied logic.
Audit Metadata