fr-analysis

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation explicitly supports processing "Binary pickle" payloads from flight-recorder dumps. In Python, the pickle module is insecure against erroneously or maliciously constructed data: unpickling a dump from an untrusted source can result in arbitrary code execution during deserialization.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its --llm-analyze feature, which feeds parsed log data into an LLM for summarization. Maliciously crafted log entries could influence the LLM's output or the agent's subsequent actions.
  • Ingestion points: External NCCL flight-recorder dump files loaded from the path specified by --fr-path (SKILL.md).
  • Boundary markers: None identified; the skill does not specify the use of delimiters or ignore-instructions for the processed log content.
  • Capability inventory: Executes local Python scripts (scripts/fr_attribution.py) and interfaces with LLM providers (SKILL.md).
  • Sanitization: No evidence of sanitization or content filtering for the ingested trace data is provided in the skill definition.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 20, 2026, 01:45 AM