tao-train-pose-classification

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions do not contain any attempts to override agent behavior, bypass safety guidelines, or extract system prompts.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or credentials were found. The encryption_key property in the schemas and spec templates is a configuration placeholder for user-supplied encryption keys.
  • [DATA_EXFILTRATION]: No unauthorized network operations or data transmission patterns were detected. Examples use placeholder S3 paths for datasets, which is consistent with the skill's purpose for model training.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts. It utilizes a static container image (tao_toolkit.pyt) for its execution environment.
  • [COMMAND_EXECUTION]: Shell commands are appropriately scoped to the TAO Toolkit's pose classification actions (train, evaluate, export, inference) as defined in the skill metadata.
  • [SAFE]: Evaluation of potential indirect prompt injection surfaces identifies it as standard data ingestion for machine learning training.
  • Ingestion points: Dataset data and label paths defined in SKILL.md and references/skill_info.yaml.
  • Boundary markers: Not present, as the input data is expected in specific binary or serialized formats (.npy, .pkl).
  • Capability inventory: Execution of defined TAO CLI tools inside a managed container.
  • Sanitization: The TAO Toolkit processes structured skeleton data, which limits the risk of instruction injection via input files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-train-pose-classification