tao-run-automl

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's documentation and example conversations (found in references/examples.md and references/mandatory-rules.md) explicitly instruct the agent to prompt users for sensitive API keys like llm_api_key and WANDB_API_KEY in plaintext. The provided example dialogue shows a user providing a key (sk-abc123) directly in the chat, which is then passed into generated scripts.
  • [DATA_EXFILTRATION]: The skill transmits experiment metadata, hyperparameter configurations, and training results to external services such as Weights & Biases and LLM providers (NVIDIA NIM, OpenAI). This behavior is documented as a core feature for experiment tracking and optimization.
  • [COMMAND_EXECUTION]: The skill dynamically generates Python "runner" scripts and executes them via the command line. It also uses the Bash tool to install dependencies and manage the execution environment.
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of multiple Python packages from the public PyPI registry, including nvidia-tao-automl, openai, and wandb.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-run-automl