tao-train-pose-classification
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions do not contain any attempts to override agent behavior, bypass safety guidelines, or extract system prompts.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or credentials were found. The
encryption_keyproperty in the schemas and spec templates is a configuration placeholder for user-supplied encryption keys. - [DATA_EXFILTRATION]: No unauthorized network operations or data transmission patterns were detected. Examples use placeholder S3 paths for datasets, which is consistent with the skill's purpose for model training.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts. It utilizes a static container image (
tao_toolkit.pyt) for its execution environment. - [COMMAND_EXECUTION]: Shell commands are appropriately scoped to the TAO Toolkit's pose classification actions (
train,evaluate,export,inference) as defined in the skill metadata. - [SAFE]: Evaluation of potential indirect prompt injection surfaces identifies it as standard data ingestion for machine learning training.
- Ingestion points: Dataset data and label paths defined in
SKILL.mdandreferences/skill_info.yaml. - Boundary markers: Not present, as the input data is expected in specific binary or serialized formats (.npy, .pkl).
- Capability inventory: Execution of defined TAO CLI tools inside a managed container.
- Sanitization: The TAO Toolkit processes structured skeleton data, which limits the risk of instruction injection via input files.
Audit Metadata