nv-generate-mr

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches source code from github.com/NVIDIA-Medtech/NV-Generate-CTMR and model weights from huggingface.co/nvidia/NV-Generate-MR. These downloads originate from well-known repositories associated with established technology services.
  • [REMOTE_CODE_EXECUTION]: During setup, the skill installs Python dependencies from a remote requirements.txt and executes the upstream inference module. These steps are necessary to perform the MRI synthesis tasks defined in the skill.
  • [COMMAND_EXECUTION]: The scripts/run_mr.py script executes system commands to invoke the upstream ML logic and check the repository's git commit. Commands are executed as argument lists, which prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill ingests user-supplied JSON files to override model parameters. This ingestion surface is secured by validation logic in _validate_inference_config, which enforces strict limits on image dimensions and voxel counts to prevent resource exhaustion or unexpected behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — nv-generate-mr