tao-analyze-gaps-visual-changenet

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes docker run with the tao_toolkit.data_services container. The container is granted access to the workspace via volume mounting (-v $WORKSPACE:$WORKSPACE) and GPU resources, which is necessary for the intended data processing functionality.\n- [EXTERNAL_DOWNLOADS]: The skill pulls a Docker image from the NVIDIA container registry (nvcr.io). As NVIDIA is a well-known and trusted technology provider, this download is part of the expected functionality.\n- [DATA_EXFILTRATION]: The skill includes a hook (hooks/rca-package.sh) that reads session logs from ~/.claude/projects/ to package them with the analysis results locally. This facilitates reproducibility and is not an exfiltration risk.\n- [PROMPT_INJECTION]: The skill processes output from the Docker container (e.g., unreachable_kpi.txt) to generate reports.\n
  • Ingestion points: unreachable_kpi.txt, metrics.json, threshold.txt.\n
  • Boundary markers: None explicitly used when reading these files.\n
  • Capability inventory: Full Bash and docker access on the host.\n
  • Sanitization: None; the agent reads and incorporates text directly into its report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — tao-analyze-gaps-visual-changenet