launch-nemo-rl
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the user or agent to execute commands that access sensitive local files, specifically the user's private SSH key.
- Evidence: Section 13 of SKILL.md contains the command
nrl-k8s dev setup-secrets --ssh-key ~/.ssh/id_rsa. - [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands via the
nrl-k8sCLI andkubectlto manage Kubernetes resources, Ray clusters, and training jobs. This includes the ability to run arbitrary shell scripts defined in YAML configuration files. - Evidence: Found throughout SKILL.md, including commands like
nrl-k8s run,kubectl port-forward, andkubectl exec. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and processing YAML configuration files (recipes and infra profiles) that define executable
entrypointscripts. - Ingestion points: YAML recipe and infra files located in
infra/nrl_k8s/examples/(SKILL.md, Section 2). - Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within these files.
- Capability inventory: Extensive shell execution capabilities via the
nrl-k8sCLI andkubectl(SKILL.md, Sections 1 and 3). - Sanitization: No evidence of sanitization or validation of the YAML content or entrypoint scripts is mentioned.
Audit Metadata