tao-run-on-local-docker

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform system verification and Docker lifecycle management. This includes running a setup script for the NVIDIA GPU host and invoking docker run to execute user-defined job commands.
  • [EXTERNAL_DOWNLOADS]: The instructions guide the user to install dependencies from public registries, specifically the nvidia-tao-sdk and the docker Python client. These are standard components for the TAO ecosystem and are provided by the vendor.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it interpolates user-controlled variables such as container images and shell commands into backend execution calls.
    1. Ingestion points: Job specifications provided by the user, including container image names and job commands in SKILL.md or through the DockerSDK.create_job API.
    2. Boundary markers: No specific delimiters are documented to isolate these parameters within the generated bash commands.
    3. Capability inventory: The skill uses the Bash tool to execute Docker commands and Python scripts that interact with the host system.
    4. Sanitization: No evidence of sanitization or validation of the job command string is present in the provided documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 23, 2026, 12:05 PM
Security Audit — agent-trust-hub — tao-run-on-local-docker