tao-run-on-kubernetes
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses sensitive cluster authentication configuration at
~/.kube/configto establish a connection with the Kubernetes API. - [CREDENTIALS_UNSAFE]: As documented in the skill's benchmark results, sensitive credentials including
NGC_KEY, S3 access keys, andHF_TOKENare passed directly to Kubernetes pods as environment variables. This practice can lead to secret exposure in cluster management interfaces or container logs. - [COMMAND_EXECUTION]: The skill performs shell execution of a setup script (
setup-nvidia-gpu-host.sh) and a version resolution script (resolve_versions_key.py) using paths resolved dynamically from environment variables at runtime. - [EXTERNAL_DOWNLOADS]: Instructs the agent to download and install the
nvidia-tao-sdkpackage and thekuberneteslibrary from public package registries. - [PROMPT_INJECTION]: The skill processes untrusted data from remote cloud storage (S3) which is then used as input for containerized jobs, creating a surface for indirect prompt injection.
- Ingestion points:
inputsparameter increate_job(SKILL.md). - Boundary markers: Absent.
- Capability inventory: Execution of arbitrary shell commands within Kubernetes Jobs (SKILL.md).
- Sanitization: Absent.
Audit Metadata