tao-run-on-kubernetes

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive cluster authentication configuration at ~/.kube/config to establish a connection with the Kubernetes API.
  • [CREDENTIALS_UNSAFE]: As documented in the skill's benchmark results, sensitive credentials including NGC_KEY, S3 access keys, and HF_TOKEN are passed directly to Kubernetes pods as environment variables. This practice can lead to secret exposure in cluster management interfaces or container logs.
  • [COMMAND_EXECUTION]: The skill performs shell execution of a setup script (setup-nvidia-gpu-host.sh) and a version resolution script (resolve_versions_key.py) using paths resolved dynamically from environment variables at runtime.
  • [EXTERNAL_DOWNLOADS]: Instructs the agent to download and install the nvidia-tao-sdk package and the kubernetes library from public package registries.
  • [PROMPT_INJECTION]: The skill processes untrusted data from remote cloud storage (S3) which is then used as input for containerized jobs, creating a surface for indirect prompt injection.
  • Ingestion points: inputs parameter in create_job (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: Execution of arbitrary shell commands within Kubernetes Jobs (SKILL.md).
  • Sanitization: Absent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-run-on-kubernetes