tao-finetune-cosmos-embed

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The provided Docker execution environment uses the --network=host and --ipc=host flags. These settings disable critical container isolation, granting the containerized process direct access to the host's network interfaces and IPC namespace, which increases the risk of host exploitation.
  • [CREDENTIALS_UNSAFE]: The skill instructs the user to pass the HF_TOKEN as an environment variable to the Docker container (-e HF_TOKEN). This practice exposes the sensitive Hugging Face authentication token in process listings and container logs.
  • [PROMPT_INJECTION]: There is a mismatch between the declared author in the skill metadata (NVIDIA Corporation) and the author reported by the platform (promptingcompany). This inconsistency indicates potential metadata poisoning or impersonation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted video files and metadata JSON without explicit sanitization or boundary markers.
  • Ingestion points: /data/video/*.mp4 and /data/msrvtt_test_1k.json.
  • Capability inventory: Execution of docker run and bash commands.
  • Boundary markers: None identified in the instruction set.
  • Sanitization: No evidence of input validation or escaping for external data processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-finetune-cosmos-embed