nemo-evaluator-plugin
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The evaluation specification files (
assets/specs/exact_match_benchmark.json,assets/specs/exact_match_metric.json, andassets/specs/llm_as_judge.json) contain serialized Python objects within thepayload.blobfields using thecloudpickleformat. Deserializing such content is a form of dynamic execution that can lead to arbitrary code execution within the environment where the evaluation is performed. - [COMMAND_EXECUTION]: The skill instructions involve executing shell commands through the
nemoCLI and running local Python scripts, such asscripts/generate_example_specs.py, which may perform operations on the host system. - [PROMPT_INJECTION]: The skill processes external datasets that are interpolated into prompts (e.g.,
{{item.input}}inllm_as_judge.json), creating a surface for indirect prompt injection. - Ingestion points: Dataset fields in specification files within
assets/specs/. - Boundary markers: Structured
messagesarray with role definitions (system, user). - Capability inventory: Execution of shell commands via the
nemoCLI. - Sanitization: No evidence of input validation or sanitization for dataset content.
Audit Metadata