tao-run-deft-aoi
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates model training and data processing tasks by executing shell scripts and Docker containers (e.g.,
tao_toolkit.pytandtao_toolkit.data_services) on the host system. - [DATA_EXFILTRATION]: Accesses local AI agent transcript files (JSONL) located in
~/.claude/projects/to parse token usage metadata. This data is used to backfill performance metrics in the workflow logs. - [EXTERNAL_DOWNLOADS]: Fetches machine learning models and container images from well-known and trusted sources, including HuggingFace and NVIDIA's NGC registry (nvcr.io). It also manages the installation of standard Python dependencies such as pandas and matplotlib when required.
- [PROMPT_INJECTION]: The skill processes user-provided CSV files and images for training, creating a potential surface for indirect prompt injection if these external data sources contain adversarial instructions.
Audit Metadata