tao-run-platform

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill maintains an attack surface for indirect prompt injection due to its handling of external configuration and data paths.
  • Ingestion points: The skill processes user-supplied job parameters, platform-specific settings, and remote data URIs from S3, Hugging Face Hub, and NGC.
  • Boundary markers: The instructions do not define specific delimiters or "ignore instructions" markers to separate untrusted external data from the agent's core instructions during job submission.
  • Capability inventory: The skill utilizes sdk.create_job to execute shell commands across multiple environments, including DGX Cloud containers, remote GPU instances, and SLURM clusters.
  • Sanitization: The documentation does not specify sanitization or validation routines for user-provided configuration values before they are interpolated into container commands.
  • [COMMAND_EXECUTION]: The skill performs dynamic script generation to create container entrypoints.
  • The build_entrypoint function constructs shell commands that incorporate inlined, Base64-encoded scripts (heredocs). This is used to package a portable runtime (script_runner) that manages data I/O and configuration within the job container.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the nvidia-tao-sdk package.
  • This dependency is sourced from a well-known organization and is necessary for the skill's primary execution tasks.
  • [SAFE]: The skill adheres to best practices for managing sensitive information.
  • It directs the agent to verify the existence of environment variables (such as LEPTON_AUTH_TOKEN and S3_BUCKET_NAME) rather than accessing or logging the actual values. Sensitive configuration is stored in local environment files (~/.config/tao/.env), which is a standard practice for secure local secret management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — tao-run-platform