label-training-data

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses joblib.load in the active_learning_pipeline.py script to load a pre-trained model.
    • Evidence: model = joblib.load("models/current_model.pkl") in references/EXAMPLES.md.
    • Description: Loading models with joblib or pickle can lead to arbitrary code execution if the source file is untrusted or malicious.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Label Studio software and associated Docker images.
    • Evidence: pip install label-studio and docker pull heartexlabs/label-studio:latest in SKILL.md.
    • Description: These downloads originate from the official repositories of the Label Studio project.
  • [PROMPT_INJECTION]: The skill ingests external datasets for the purpose of labeling, which creates an attack surface for indirect prompt injection.
    • Ingestion points: Loading data from data/unlabeled_texts.csv and exports/annotations.json in references/EXAMPLES.md.
    • Boundary markers: No specific delimiters or safety instructions are used to separate data from system prompts.
    • Capability inventory: The skill is granted Bash and file management tools (Read, Write, Edit) in SKILL.md.
    • Sanitization: The provided code does not perform sanitization or validation of the input text content before it is processed or displayed in the labeling interface.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 07:13 AM
Security Audit — agent-trust-hub — label-training-data