tao-finetune-huggingface-model

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow that ingests untrusted content from external sources to guide its execution.
  • Ingestion points: During Step 1 and Step 3, the agent fetches model cards, dataset descriptions, and community-contributed scripts from HuggingFace and GitHub repositories (SKILL.md, references/research-priorities.md).
  • Boundary markers: Absent. The instructions do not define specific delimiters for separating untrusted web content from agent instructions, relying on the underlying model's reasoning to filter malicious patterns.
  • Capability inventory: The skill possesses extensive capabilities including file system write access, arbitrary bash command execution, and network access via WebFetch (SKILL.md).
  • Sanitization: Absent. The skill extracts code and hyperparameters directly from fetched text to generate the training pipeline scripts.
  • [DYNAMIC_EXECUTION]: The compatibility registry mechanism uses dynamic logic evaluation.
  • Evidence: The skill's internal logic for applying compatibility workarounds utilizes Python eval() to process detection rules against model configuration objects (references/compat-workarounds.md). While primarily used for simple Boolean attribute checks (e.g., cfg.model_type == 'idefics3'), the use of eval() on data derived from external model configurations represents a potential vulnerability surface if those configurations are manipulated.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-finetune-huggingface-model