tao-run-on-brev
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
brevCLI to manage remote GPU instances and execute commands. Specifically, it employsbrev execto launch Docker containers for NVIDIA TAO toolkit workloads.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes configuration files and datasets from external S3 buckets and user-provided paths. - Ingestion points: Data and specification files from S3 (
s3://) and local directory paths. - Boundary markers: No delimiters or markers are specified to isolate processed data from the command execution flow.
- Capability inventory: Includes remote command execution via
brev exec, container execution viadocker run, and package installation viapip. - Sanitization: Input from external storage is not explicitly validated or sanitized before interpolation into shell commands.- [EXTERNAL_DOWNLOADS]: Fetches the
nvidia-tao-sdkpackage from PyPI and pulls Docker images from the NVIDIA Container Registry (nvcr.io). These are recognized vendor-controlled sources.- [SAFE]: The practice of storing credentials in~/.config/tao/.envis documented as a secure method for local secret management and does not constitute a security violation in this context.
Audit Metadata