tao-run-on-brev

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the brev CLI to manage remote GPU instances and execute commands. Specifically, it employs brev exec to launch Docker containers for NVIDIA TAO toolkit workloads.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes configuration files and datasets from external S3 buckets and user-provided paths.
  • Ingestion points: Data and specification files from S3 (s3://) and local directory paths.
  • Boundary markers: No delimiters or markers are specified to isolate processed data from the command execution flow.
  • Capability inventory: Includes remote command execution via brev exec, container execution via docker run, and package installation via pip.
  • Sanitization: Input from external storage is not explicitly validated or sanitized before interpolation into shell commands.- [EXTERNAL_DOWNLOADS]: Fetches the nvidia-tao-sdk package from PyPI and pulls Docker images from the NVIDIA Container Registry (nvcr.io). These are recognized vendor-controlled sources.- [SAFE]: The practice of storing credentials in ~/.config/tao/.env is documented as a secure method for local secret management and does not constitute a security violation in this context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:37 PM
Security Audit — agent-trust-hub — tao-run-on-brev