tao-run-automl
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements automated hyperparameter optimization (HPO) using a platform-agnostic runner. It adheres to best practices by requiring manual confirmation for container images and explicit prompting for LLM credentials.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of
nvidia-tao-automlandwandbfrom public registries (PyPI). These are standard industry packages required for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill generates and executes local Python scripts to orchestrate training trials. This is the intended behavior of an AutoML runner. Execution is protected by mandatory timestamping of workspaces and preflight checks for environment readiness.
- [DATA_EXFILTRATION]: While the skill interacts with dataset URIs (e.g., S3, Azure), it does so to provide training data to the compute backends. No unauthorized data exfiltration to non-whitelisted or untrusted domains was observed.
- [CREDENTIALS_UNSAFE]: The skill documentation includes examples of environment variables (
NVIDIA_API_KEY,WANDB_API_KEY) and placeholder API keys (sk-abc123). These are used for illustrative purposes in documentation and example conversations, following standard developer guidance. The skill correctly instructs the agent to check for the presence of credentials without reading their values. - [PROMPT_INJECTION]: No patterns attempting to override agent instructions or bypass safety filters were found in the skill body or metadata.
Audit Metadata