fr-analysis
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation explicitly supports processing "Binary pickle" payloads from flight-recorder dumps. In Python, the `pickle` module is insecure against erroneously or maliciously constructed data and can result in arbitrary code execution during deserialization.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its `--llm-analyze` feature, which feeds parsed log data into an LLM for summarization. Maliciously crafted log entries could potentially influence the LLM's output or the agent's subsequent actions.
  - Ingestion points: External NCCL flight-recorder dump files loaded from the path specified by `--fr-path` (SKILL.md).
  - Boundary markers: None identified; the skill does not specify the use of delimiters or ignore-instructions for the processed log content.
  - Capability inventory: Executes local Python scripts (`scripts/fr_attribution.py`) and interfaces with LLM providers (SKILL.md).
  - Sanitization: No evidence of sanitization or content filtering for the ingested trace data is provided in the skill definition.
Audit Metadata