tao-run-on-local-docker
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform system verification and Docker lifecycle management. This includes running a setup script for the NVIDIA GPU host and invoking docker run to execute user-defined job commands.
- [EXTERNAL_DOWNLOADS]: The instructions guide the user to install dependencies from public registries, specifically the nvidia-tao-sdk and the docker Python client. These are standard components for the TAO ecosystem and are provided by the vendor.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it interpolates user-controlled variables such as container images and shell commands into backend execution calls.
  1. Ingestion points: Job specifications provided by the user, including container image names and job commands in SKILL.md or through the DockerSDK.create_job API.
  2. Boundary markers: No specific delimiters are documented to isolate these parameters within the generated bash commands.
  3. Capability inventory: The skill uses the Bash tool to execute Docker commands and Python scripts that interact with the host system.
  4. Sanitization: No evidence of sanitization or validation of the job command string is present in the provided documentation.
Audit Metadata