tao-run-inference-service
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces robust credential management by explicitly instructing the agent not to prompt the user for secret values like
HF_TOKEN,WANDB_API_KEY, orTAO_API_KEY. It directs the agent to generate code that reads these secrets from environment variables, preventing sensitive data exposure in chat logs or shell history. - [COMMAND_EXECUTION]: All shell commands constructed for container management incorporate
shlex.quote()for user-provided inputs such asmodel_pathandjob_id. This correctly mitigates the risk of command injection vulnerabilities. - [SAFE]: External resources, including container images, are sourced from the official and trusted NVIDIA registry (
nvcr.io). - [SAFE]: Service state is managed locally in
/tmp/tao-inf-ms-state.json, providing a structured discovery mechanism for microservice endpoints without external data exfiltration. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted output from the inference containers. 1. Ingestion points:
references/request.yaml(processingchoices[0].message.content). 2. Boundary markers: Absent. 3. Capability inventory:SKILL.md(Bash,Write,Readtools). 4. Sanitization: Absent. This is an inherent property of multimodal inference tasks. - [SAFE]: The workflow includes mandatory user checkpoints for sampling parameters, ensuring human-in-the-loop validation of the microservice's configuration.
Audit Metadata