nv-generate-mr
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches source code from
github.com/NVIDIA-Medtech/NV-Generate-CTMRand model weights fromhuggingface.co/nvidia/NV-Generate-MR. These downloads originate from well-known repositories associated with established technology services. - [REMOTE_CODE_EXECUTION]: During setup, the skill installs Python dependencies from a remote
requirements.txtand executes the upstream inference module. These steps are necessary to perform the MRI synthesis tasks defined in the skill. - [COMMAND_EXECUTION]: The
scripts/run_mr.pyscript executes system commands to invoke the upstream ML logic and check the repository's git commit. Commands are executed as argument lists, which prevents shell injection vulnerabilities. - [PROMPT_INJECTION]: The skill ingests user-supplied JSON files to override model parameters. This ingestion surface is secured by validation logic in
_validate_inference_config, which enforces strict limits on image dimensions and voxel counts to prevent resource exhaustion or unexpected behavior.
Audit Metadata