Skills
skills/nvidia/megatron-lm/testsystem/Gen Agent Trust Hub

testsystem

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directs the agent to ingest and analyze untrusted data from external sources (CI logs).
  • Ingestion points: Untrusted data enters the agent context through the outputs of gh run view --log-failed and the contents of downloaded log files (e.g., stderr.log, stdout.log) from the CI environment.
  • Boundary markers: There are no markers or delimiters used to separate untrusted log content from the agent's instructions, nor are there warnings to ignore instructions embedded in the logs.
  • Capability inventory: The skill utilizes several powerful capabilities including subprocess execution of gh (GitHub CLI), pytest, and local repository scripts, as well as file system read operations via sed, grep, and wc.
  • Sanitization: No sanitization, escaping, or validation of the external log content is performed before the agent processes and interprets the data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 08:13 AM