llama-cpp
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves model data and repository structures from Hugging Face (
huggingface.co) and clones the official repository from GitHub (github.com/ggml-org/llama.cpp). These are well-known and trusted platforms in the technology sector. - [COMMAND_EXECUTION]: The skill provides instructions for executing various command-line tools including
llama-cli,llama-server, andllama-quantizeto manage local inference and model optimization. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and parse untrusted metadata from Hugging Face repositories to construct local shell commands.
- Ingestion points: Metadata extraction from Hugging Face tree API and
local-apppage text (found inSKILL.mdandhub-discovery.md). - Boundary markers: Absent; the instructions do not specify delimiters or warnings for the agent when processing external repository strings.
- Capability inventory: Subprocess execution for model inference and Python script execution for weights conversion (found in
SKILL.mdandadvanced-usage.md). - Sanitization: Absent; there is no explicit instruction to validate or sanitize filenames or quantization labels before they are interpolated into executable commands.
Audit Metadata