tao-train-dino
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Multiple specification templates hardcode the encryption key 'tlt_encode'. This is a well-known default key used for encrypting model checkpoints, which could lead to unauthorized decryption if not changed by the user. Evidence found in references/spec_template_deploy_evaluate.yaml, references/spec_template_deploy_gen_trt_engine.yaml, and references/spec_template_deploy_inference.yaml.
- [PROMPT_INJECTION]: The skill features a vulnerability surface for indirect prompt injection where untrusted data (user-provided S3 URIs) is ingested and interpolated into configuration files used by shell commands.
- Ingestion points: User-provided S3 URIs for training and validation datasets (SKILL.md).
- Boundary markers: Absent; the URIs are interpolated directly into spec overrides without delimiters or warnings.
- Capability inventory: Execution of 'dino' commands via the Bash tool as defined in references/skill_info.yaml.
- Sanitization: Absent; the documentation provides no evidence of validation or filtering for the user-supplied paths.
Recommendations
- AI detected serious security threats
Audit Metadata