tao-run-deft-aoi

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill implements a strict 'Pre-Flight Summary' user confirmation gate, ensuring that no autonomous or side-effecting operations (such as Docker execution or file mutations) occur without explicit user approval.
  • [COMMAND_EXECUTION]: The skill uses Python scripts and subprocess calls to orchestrate Docker containers for model training and analysis. These commands use absolute paths and version-controlled image tags from a local registry, minimizing the risk of command injection.
  • [EXTERNAL_DOWNLOADS]: The workflow fetches container images and model weights from well-known and trusted providers, including the NVIDIA container registry (nvcr.io) and HuggingFace (huggingface.co/nvidia).
  • [SAFE]: Data integrity is maintained through validation scripts like 'validate_training_csv.py', which checks for file existence and prevents training/validation dataset leakage before initiating the compute-intensive training loop.
  • [SAFE]: The skill correctly handles sensitive credentials (NGC_API_KEY, HF_TOKEN) by instructing the user to provide them via a local .env file rather than hardcoding them within the skill logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:11 PM
Security Audit — agent-trust-hub — tao-run-deft-aoi