perf-workload-profiling
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE; PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read and interpret user-provided training scripts to inject timing code, creating a surface for indirect prompt injection if the source code contains malicious instructions.
  - Ingestion points: Processes user-provided training scripts, dataloaders, and loop structures (SKILL.md).
  - Boundary markers: Does not specify the use of delimiters or instructions to ignore embedded commands in the user's code.
  - Capability inventory: The agent is guided to generate and inject Python code into the user's environment (SKILL.md).
  - Sanitization: No sanitization of the processed code blocks is described.
- [EXTERNAL_DOWNLOADS]: References the installation of the `nvtx` library from a public registry (references/nvtx-api.md), which is a standard tool for GPU timeline annotation.
- [COMMAND_EXECUTION]: Provides templates for executing performance measurement code, including the use of `triton.testing.do_bench` and PyTorch benchmarking APIs (references/benchmarking-patterns.md).