skills/nvidia/skills/tao-train-ocdnet/Gen Agent Trust Hub

tao-train-ocdnet

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection by ingesting and processing external dataset paths and configuration parameters that could be controlled by an attacker.
  • Ingestion points: Dataset paths (dataset.train_dataset.data_path, dataset.validate_dataset.data_path) and spec overrides defined in SKILL.md and referenced YAML templates.
  • Boundary markers: Absent; external data values are interpolated directly into configuration structures without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill utilizes the Bash tool to execute model training and deployment workflows via ocdnet CLI and docker run commands.
  • Sanitization: Absent; input paths and configuration values are not sanitized or validated against a strict schema before being used in shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill references and fetches Docker container images from the NVIDIA Container Registry (nvcr.io/nvidia/tao/tao-toolkit). This is an official registry provided by the skill's author for its intended purpose.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute complex shell commands using the Bash tool, primarily for running Docker containers and TAO Toolkit CLI operations. These commands are necessary for the skill's primary function of machine learning model development.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-train-ocdnet