nemo-mbridge-perf-cuda-graphs
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to process untrusted user data (e.g., model names, tasks, and configurations) and interpolate it into executable shell commands. \n
- Ingestion points: User-specified parameters for the performance harness CLI (e.g., -m, -mr, --task, --cuda_graph_scope) as described in
SKILL.md. \n - Boundary markers: None present in the instructions to delimit user data or warn the agent about potentially embedded instructions in the user's input. \n
- Capability inventory: Shell command execution via
uv runand configuration modifications as documented inSKILL.mdandscripts/performance/utils/overrides.py. \n - Sanitization: No explicit sanitization or validation logic is provided within the markdown instructions to mitigate potentially malicious user input being passed to the shell through the agent. \n- [COMMAND_EXECUTION]: The skill provides templates for shell commands (
uv run python scripts/performance/run_script.py) intended for execution in the user's environment. While these are necessary for the skill's purpose of performance validation, they create a vector for command injection if the agent fails to sanitize user-provided arguments.
Audit Metadata