local-finetune
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses the private interaction history file
~/.claude/history.jsonlto extract training data from previous user conversations.- [DATA_EXFILTRATION]: Reads markdown content from the local~/.claude/skills/directory to build a skill knowledge base.- [COMMAND_EXECUTION]: Runs shell-based data processing pipelines usingawk,sort,head, andtailto prepare training data sets from extracted content.- [COMMAND_EXECUTION]: Invokes themlx_lmCLI suite (lora,generate,fuse) to perform local model weight modification and inference on the host system.- [EXTERNAL_DOWNLOADS]: Fetches pre-trained models from themlx-communityrepository on Hugging Face (a well-known service) to serve as a base for fine-tuning.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from Claude history and external skill files without sanitization. \n - Ingestion points:
~/.claude/history.jsonland markdown files in~/.claude/skills/. \n - Boundary markers: Absent. \n
- Capability inventory: Data processing via DuckDB and model training via
mlx-lm. \n - Sanitization: Absent.
Audit Metadata