osmo-agent
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill fetches cookbook examples and workflow templates from the NVIDIA/OSMO GitHub repository. This network activity is limited to a trusted vendor source and is required for the skill's documented behavior of adapting existing examples.
- [PROMPT_INJECTION]: Instructions in SKILL.md and agents/workflow-expert.md directing the agent to run commands directly or skip confirmation are verified as benign automation patterns. These instructions are intended to facilitate the management of compute workflows and do not attempt to bypass safety filters or conceal malicious intent.
- [DYNAMIC_EXECUTION]: The skill generates and modifies workflow configuration files (YAML) and shell scripts to be executed on the remote OSMO platform. This behavior is the primary intended functionality for the agent and is managed through legitimate platform tooling.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from user-provided files and trusted remote repositories. While it processes external content as part of the workflow lifecycle, the risk is mitigated by the trusted source of the data and the restricted execution environment of the OSMO compute platform.
Audit Metadata