tao-finetune-cosmos-embed
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The provided Docker execution environment uses the
--network=hostand--ipc=hostflags. These settings disable critical container isolation, granting the containerized process direct access to the host's network interfaces and IPC namespace, which increases the risk of host exploitation. - [CREDENTIALS_UNSAFE]: The skill instructs the user to pass the
HF_TOKENas an environment variable to the Docker container (-e HF_TOKEN). This practice exposes the sensitive Hugging Face authentication token in process listings and container logs. - [PROMPT_INJECTION]: There is a mismatch between the declared author in the skill metadata (NVIDIA Corporation) and the author reported by the platform (promptingcompany). This inconsistency indicates potential metadata poisoning or impersonation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted video files and metadata JSON without explicit sanitization or boundary markers.
- Ingestion points:
/data/video/*.mp4and/data/msrvtt_test_1k.json. - Capability inventory: Execution of
docker runandbashcommands. - Boundary markers: None identified in the instruction set.
- Sanitization: No evidence of input validation or escaping for external data processing.
Audit Metadata