nv-segment-ct

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a model bundle (~832 MB) from NVIDIA's official HuggingFace repository and a sample CT dataset from an S3 bucket mirror associated with the MONAI project. These are recognized as trusted and well-known sources within the medical AI community.
  • [REMOTE_CODE_EXECUTION]: The execution script scripts/run_vista3d.py dynamically adds the downloaded bundle directory to the Python search path (sys.path) to import and execute the official HuggingFacePipelineHelper. This is the intended design to leverage the upstream model's inference logic.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of segmentation tasks through shell commands that invoke Python scripts, manage environment dependencies via pip, and interact with the HuggingFace CLI for asset management.
  • [SAFE]: The setup script fixtures/fetch_spleen_fixture.py uses tarfile.extract() to unpack the MSD09 dataset. While this method can be susceptible to path traversal with untrusted archives, the asset source is a established medical imaging repository, and the operation is restricted to the skill's local data directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — nv-segment-ct