tao-run-inference-service

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill enforces robust credential management by explicitly instructing the agent not to prompt the user for secret values like HF_TOKEN, WANDB_API_KEY, or TAO_API_KEY. It directs the agent to generate code that reads these secrets from environment variables, preventing sensitive data exposure in chat logs or shell history.
  • [COMMAND_EXECUTION]: All shell commands constructed for container management incorporate shlex.quote() for user-provided inputs such as model_path and job_id. This correctly mitigates the risk of command injection vulnerabilities.
  • [SAFE]: External resources, including container images, are sourced from the official and trusted NVIDIA registry (nvcr.io).
  • [SAFE]: Service state is managed locally in /tmp/tao-inf-ms-state.json, providing a structured discovery mechanism for microservice endpoints without external data exfiltration.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted output from the inference containers. 1. Ingestion points: references/request.yaml (processing choices[0].message.content). 2. Boundary markers: Absent. 3. Capability inventory: SKILL.md (Bash, Write, Read tools). 4. Sanitization: Absent. This is an inherent property of multimodal inference tasks.
  • [SAFE]: The workflow includes mandatory user checkpoints for sampling parameters, ensuring human-in-the-loop validation of the microservice's configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:05 PM
Security Audit — agent-trust-hub — tao-run-inference-service