tao-analyze-changenet-rca
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute analytical Python scripts that calculate score statistics, compute thresholds, and generate image thumbnails from user-provided experiment directories.
- [COMMAND_EXECUTION]: Hook scripts (e.g.,
hooks/rca-defect-coverage.sh,hooks/rca-depth-check.sh) dynamically generate and execute Python code using heredocs to validate the consistency and depth of the Root Cause Analysis report against local data. - [PROMPT_INJECTION]: The skill ingests untrusted data from external sources such as
inference.csvandexperiment.yaml. While this represents a surface for indirect prompt injection, the risk is mitigated by the skill's focus on statistical and visual analysis rather than execution of instructions found within the data. - [SAFE]: All external resources and identification patterns trace back to official NVIDIA infrastructure and documented TAO Visual ChangeNet workflows.
Audit Metadata