tao-finetune-huggingface-model
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that ingests untrusted content from external sources to guide its execution.
- Ingestion points: During Step 1 and Step 3, the agent fetches model cards, dataset descriptions, and community-contributed scripts from HuggingFace and GitHub repositories (
SKILL.md,references/research-priorities.md). - Boundary markers: Absent. The instructions do not define specific delimiters for separating untrusted web content from agent instructions, relying on the underlying model's reasoning to filter malicious patterns.
- Capability inventory: The skill possesses extensive capabilities including file system write access, arbitrary bash command execution, and network access via WebFetch (
SKILL.md). - Sanitization: Absent. The skill extracts code and hyperparameters directly from fetched text to generate the training pipeline scripts.
- [DYNAMIC_EXECUTION]: The compatibility registry mechanism uses dynamic logic evaluation.
- Evidence: The skill's internal logic for applying compatibility workarounds utilizes Python
eval()to process detection rules against model configuration objects (references/compat-workarounds.md). While primarily used for simple Boolean attribute checks (e.g.,cfg.model_type == 'idefics3'), the use ofeval()on data derived from external model configurations represents a potential vulnerability surface if those configurations are manipulated.
Audit Metadata