skills/nvidia/skills/tao-run-on-brev/Gen Agent Trust Hub

tao-run-on-brev

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is configured to fetch the nvidia-tao-sdk from the public PyPI registry and pull containerized toolkits from the NVIDIA Container Registry (nvcr.io).
  • [COMMAND_EXECUTION]: It utilizes the brev CLI for instance lifecycle operations, such as creation, remote execution via SSH, and deletion.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for managing sensitive API tokens and access keys through environment variables, which is a standard security practice for avoiding credential exposure in source code.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by reading task specifications and datasets from S3 buckets; however, this is a functional requirement and no malicious injection patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-run-on-brev