tao-train-ocdnet
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection by ingesting and processing external dataset paths and configuration parameters that could be controlled by an attacker.
- Ingestion points: Dataset paths (
dataset.train_dataset.data_path,dataset.validate_dataset.data_path) and spec overrides defined inSKILL.mdand referenced YAML templates. - Boundary markers: Absent; external data values are interpolated directly into configuration structures without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill utilizes the
Bashtool to execute model training and deployment workflows viaocdnetCLI anddocker runcommands. - Sanitization: Absent; input paths and configuration values are not sanitized or validated against a strict schema before being used in shell commands.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches Docker container images from the NVIDIA Container Registry (
nvcr.io/nvidia/tao/tao-toolkit). This is an official registry provided by the skill's author for its intended purpose. - [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute complex shell commands using the
Bashtool, primarily for running Docker containers and TAO Toolkit CLI operations. These commands are necessary for the skill's primary function of machine learning model development.
Audit Metadata