skills/nvidia/skills/tao-run-deft-aoi/Gen Agent Trust Hub

tao-run-deft-aoi

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates model training and data processing tasks by executing shell scripts and Docker containers (e.g., tao_toolkit.pyt and tao_toolkit.data_services) on the host system.
  • [DATA_EXFILTRATION]: Accesses local AI agent transcript files (JSONL) located in ~/.claude/projects/ to parse token usage metadata. This data is used to backfill performance metrics in the workflow logs.
  • [EXTERNAL_DOWNLOADS]: Fetches machine learning models and container images from well-known and trusted sources, including HuggingFace and NVIDIA's NGC registry (nvcr.io). It also manages the installation of standard Python dependencies such as pandas and matplotlib when required.
  • [PROMPT_INJECTION]: The skill processes user-provided CSV files and images for training, creating a potential surface for indirect prompt injection if these external data sources contain adversarial instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM