tao-run-automl-deft-pipeline
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected during the analysis of the skill's instructions, metadata, or supporting documentation.
- [COMMAND_EXECUTION]: The skill orchestrates the TAO pipeline by generating and executing shell commands and Python snippets. These operations are used for managing execution state between AutoML and DEFT phases, such as patching JSON state files and merging configuration YAMLs. This behavior is consistent with the skill's primary purpose of workflow automation.
- [DATA_EXPOSURE]: The skill accesses local project data, including training datasets (CSV format) and configuration specifications (YAML). It performs pre-flight checks to verify the presence of required environment variables (e.g., NGC and Hugging Face API tokens) but correctly implements these checks without logging or exfiltrating sensitive values.
- [EXTERNAL_DOWNLOADS]: The workflow relies on container images hosted on
nvcr.io(NVIDIA Container Registry). These references target official infrastructure from a well-known service and are documented neutrally as standard requirements for the training toolkit. - [DYNAMIC_EXECUTION]: The documentation provides explicit Python code blocks designed for the agent to execute via its shell tool. These scripts automate the transition between training phases by updating local metadata and warm-starting subsequent runs. This dynamic generation of code is transparent and serves the stated goal of pipeline orchestration.
Audit Metadata