tao-launch-workflow

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: Executes local Python utility scripts (list_tao_platforms.py, resolve_tao_image.py, check_tao_launch_preflight.py) to manage platform configuration and validate job parameters before execution.
  • [COMMAND_EXECUTION]: Uses shell commands including ssh, ssh-keygen, ssh-copy-id, and ssh-keyscan to facilitate and verify passwordless connectivity to Slurm clusters.
  • [CREDENTIALS_UNSAFE]: Promptly requests sensitive credentials such as HF_TOKEN and SSH_KEY_PATH from the user. These are handled locally to authenticate against the chosen execution platform and gated model repositories.
  • [SAFE]: Implements a 'Non-Negotiable Launch Gate' that prevents the generation of artifacts, scripts, or workspace folders until all preflight checks—including platform access, credential verification, and image resolution—are successfully completed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-launch-workflow