tao-run-on-slurm
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill interacts with sensitive files including SSH private keys (
~/.ssh/id_ed25519) and authentication tokens (~/.config/enroot/.credentials). These files are accessed and modified to enable non-interactive remote access to computing clusters. - [COMMAND_EXECUTION]: Multiple system utilities such as
ssh,sbatch,srun, andscancelare invoked using environment variables likeSLURM_USERandSLURM_HOSTNAME. This pattern can facilitate command injection if the variables are not correctly sanitized before being passed to the shell. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
nvidia-tao-sdkpackage from the public Python Package Index (PyPI). This is a standard operation for skills designed to work with NVIDIA toolkits and originates from a well-known service provider. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data, such as Lustre filesystem paths and cluster configurations, which are then used in command execution.
- Ingestion points: Environment variables (
SLURM_USER,SLURM_HOSTNAME) and dataset URIs (lustre:///) provided by the user. - Boundary markers: No specific delimiters or "ignore" instructions are used when interpolating these values into shell commands.
- Capability inventory: Includes remote shell execution via
sshand cluster job management viasbatch. - Sanitization: The provided instructions do not include mechanisms for validating or escaping the contents of environment variables before they are used in scripts.
Audit Metadata