tao-analyze-changenet-rca

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute analytical Python scripts that calculate score statistics, compute thresholds, and generate image thumbnails from user-provided experiment directories.
  • [COMMAND_EXECUTION]: Hook scripts (e.g., hooks/rca-defect-coverage.sh, hooks/rca-depth-check.sh) dynamically generate and execute Python code using heredocs to validate the consistency and depth of the Root Cause Analysis report against local data.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources such as inference.csv and experiment.yaml. While this represents a surface for indirect prompt injection, the risk is mitigated by the skill's focus on statistical and visual analysis rather than execution of instructions found within the data.
  • [SAFE]: All external resources and identification patterns trace back to official NVIDIA infrastructure and documented TAO Visual ChangeNet workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-analyze-changenet-rca