track-ml-experiments
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The generate_comparison_report function in references/EXAMPLES.md exhibits an indirect prompt injection vulnerability by processing untrusted data from an external tracking server without sanitization.
  - Ingestion points: Data is ingested from the MLflow tracking server via client.get_run(run_id) in references/EXAMPLES.md.
  - Boundary markers: No delimiters or instructions are provided to the agent or browser to ignore potential instructions embedded in the tracking data.
  - Capability inventory: The script possesses file-write capabilities (open(output_file, 'w')) to save generated reports locally.
  - Sanitization: The implementation is missing sanitization or escaping of the params and metrics values before they are rendered into the HTML output via pandas.to_html.
- [COMMAND_EXECUTION]: The skill uses subprocess.check_output in references/EXAMPLES.md to retrieve git commit information. Although the command is currently limited to a static argument list (git rev-parse), this demonstrates a capability for executing shell-level commands.
- [DATA_EXFILTRATION]: Documentation in references/EXAMPLES.md suggests configuring the MLflow server to listen on 0.0.0.0. This configuration exposes the tracking server to any network interface, potentially enabling unauthorized remote access to sensitive experiment metadata and artifacts.
Audit Metadata