tao-generate-referring-expressions

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the auto_label command-line utility (part of the NVIDIA TAO Toolkit) to perform the annotation generation. This is the primary intended function of the skill.
  • [EXTERNAL_DOWNLOADS]: The documentation in references/vllm_server.md provides instructions for downloading official Docker images (vllm/vllm-openai) and Python packages (vllm) from well-known registries. These are standard dependencies for hosting self-hosted inference servers.
  • [CREDENTIALS_UNSAFE]: The skill requires API keys for VLM access (e.g., GOOGLE_API_KEY or OpenAI keys). The instructions correctly recommend using environment variables for secret management, though they also allow for configuration via YAML files, which is a common pattern for local development specifications.
  • [DATA_EXFILTRATION]: The skill transmits image data and bounding box labels to configured VLM endpoints (such as Google Gemini or OpenAI-compatible services). This is the documented and necessary behavior of the pipeline to generate the requested descriptions and captions.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface as it processes external image files and KITTI-format label files. While these inputs could theoretically contain instructions designed to influence the VLM's output, this represents a low-severity inherent risk of VLM-based processing rather than a flaw in the skill's design.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-generate-referring-expressions