nemo-mbridge-perf-cuda-graphs

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to process untrusted user data (e.g., model names, tasks, and configurations) and interpolate it into executable shell commands. \n
  • Ingestion points: User-specified parameters for the performance harness CLI (e.g., -m, -mr, --task, --cuda_graph_scope) as described in SKILL.md. \n
  • Boundary markers: None present in the instructions to delimit user data or warn the agent about potentially embedded instructions in the user's input. \n
  • Capability inventory: Shell command execution via uv run and configuration modifications as documented in SKILL.md and scripts/performance/utils/overrides.py. \n
  • Sanitization: No explicit sanitization or validation logic is provided within the markdown instructions to mitigate potentially malicious user input being passed to the shell through the agent. \n- [COMMAND_EXECUTION]: The skill provides templates for shell commands (uv run python scripts/performance/run_script.py) intended for execution in the user's environment. While these are necessary for the skill's purpose of performance validation, they create a vector for command injection if the agent fails to sanitize user-provided arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — nemo-mbridge-perf-cuda-graphs