tao-run-on-slurm

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill interacts with sensitive files including SSH private keys (~/.ssh/id_ed25519) and authentication tokens (~/.config/enroot/.credentials). These files are accessed and modified to enable non-interactive remote access to computing clusters.
  • [COMMAND_EXECUTION]: Multiple system utilities such as ssh, sbatch, srun, and scancel are invoked using environment variables like SLURM_USER and SLURM_HOSTNAME. This pattern can facilitate command injection if the variables are not correctly sanitized before being passed to the shell.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the nvidia-tao-sdk package from the public Python Package Index (PyPI). This is a standard operation for skills designed to work with NVIDIA toolkits and originates from a well-known service provider.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data, such as Lustre filesystem paths and cluster configurations, which are then used in command execution.
  • Ingestion points: Environment variables (SLURM_USER, SLURM_HOSTNAME) and dataset URIs (lustre:///) provided by the user.
  • Boundary markers: No specific delimiters or "ignore" instructions are used when interpolating these values into shell commands.
  • Capability inventory: Includes remote shell execution via ssh and cluster job management via sbatch.
  • Sanitization: The provided instructions do not include mechanisms for validating or escaping the contents of environment variables before they are used in scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — tao-run-on-slurm