llama-cpp

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves model data and repository structures from Hugging Face (huggingface.co) and clones the official repository from GitHub (github.com/ggml-org/llama.cpp). These are well-known and trusted platforms in the technology sector.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing various command-line tools including llama-cli, llama-server, and llama-quantize to manage local inference and model optimization.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and parse untrusted metadata from Hugging Face repositories to construct local shell commands.
  • Ingestion points: Metadata extraction from Hugging Face tree API and local-app page text (found in SKILL.md and hub-discovery.md).
  • Boundary markers: Absent; the instructions do not specify delimiters or warnings for the agent when processing external repository strings.
  • Capability inventory: Subprocess execution for model inference and Python script execution for weights conversion (found in SKILL.md and advanced-usage.md).
  • Sanitization: Absent; there is no explicit instruction to validate or sanitize filenames or quantization labels before they are interpolated into executable commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — llama-cpp