tao-finetune-cosmos-reason

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were identified during the analysis of the skill's instructions, configuration, or scripts.
  • [DATA_EXFILTRATION]: The skill requires a HuggingFace access token (HF_TOKEN) to access gated models. The documentation correctly instructs the user to provide this via environment variables or configuration files, adhering to standard credential management practices. No hardcoded secrets were found within the provided files.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided video annotation datasets. Analysis of the provided scripts (e.g., scripts/analyze_gaps.py) confirms that external data is processed for metadata extraction and performance comparison using safe methods (JSON parsing, pandas) without risks of dynamic code execution or shell interpolation.
  • [REMOTE_CODE_EXECUTION]: The skill references CLI tools (cosmos-rl, cosmos-rl-evaluate) and official containers from the vendor. No suspicious remote code downloads or execution patterns (like curl | bash) from untrusted sources were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-finetune-cosmos-reason