tao-run-on-slurm
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates remote execution on SLURM clusters by generating and submitting sbatch scripts via SSH. It uses standard scheduler tools like srun, squeue, sacct, and scancel for job lifecycle management and terminal monitoring.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication data, including SSH private keys and NVIDIA NGC API keys (NGC_KEY). It provides specific guidance to ensure these credentials remain secure, such as enforcing strict file permissions (chmod 600) and using shell patterns that avoid leaking secret values into command history or logs.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the 'nvidia-tao-sdk' package from the official Python Package Index (PyPI). This is a standard dependency required for the skill's enhanced job handling and S3 I/O capabilities.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it monitors and processes untrusted data from remote job logs and status files.
- Ingestion points: The agent reads 'status.json', 'main.out', and 'main.err' from the remote cluster's filesystem over SSH to monitor job progress.
- Boundary markers: There are no specified delimiters or warnings to ignore instructions embedded within the job logs.
- Capability inventory: The skill utilizes SSH to execute commands and interacts with both local and remote filesystems.
- Sanitization: The instructions do not describe explicit sanitization or filtering of the content retrieved from remote log files.
Audit Metadata