launch-nemo-rl

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the user or agent to execute commands that access sensitive local files, specifically the user's private SSH key.
  • Evidence: Section 13 of SKILL.md contains the command nrl-k8s dev setup-secrets --ssh-key ~/.ssh/id_rsa.
  • [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands via the nrl-k8s CLI and kubectl to manage Kubernetes resources, Ray clusters, and training jobs. This includes the ability to run arbitrary shell scripts defined in YAML configuration files.
  • Evidence: Found throughout SKILL.md, including commands like nrl-k8s run, kubectl port-forward, and kubectl exec.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and processing YAML configuration files (recipes and infra profiles) that define executable entrypoint scripts.
  • Ingestion points: YAML recipe and infra files located in infra/nrl_k8s/examples/ (SKILL.md, Section 2).
  • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within these files.
  • Capability inventory: Extensive shell execution capabilities via the nrl-k8s CLI and kubectl (SKILL.md, Sections 1 and 3).
  • Sanitization: No evidence of sanitization or validation of the YAML content or entrypoint scripts is mentioned.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — launch-nemo-rl