tao-train-dino

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Multiple configuration templates hardcode a well-known default encryption key.
  • Evidence: The string encryption_key: "tlt_encode" is present in references/spec_template_deploy_evaluate.yaml, references/spec_template_deploy_gen_trt_engine.yaml, and references/spec_template_deploy_inference.yaml.
  • Context: While "tlt_encode" is a standard default for NVIDIA TAO Toolkit examples, its presence in deployment templates can lead to insecure practices if not rotated by the user.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through external data ingestion.
  • Ingestion points: Untrusted data enters the agent context via COCO-format datasets and S3 URIs specified in SKILL.md and references/spec_overrides.md.
  • Boundary markers: Absent. No instructions exist for the agent to use delimiters or ignore potentially malicious instructions embedded within the datasets.
  • Capability inventory: The skill defines several shell command execution patterns for the dino CLI in references/skill_info.yaml (actions: train, distill, quantize, evaluate, export, inference, gen_trt_engine).
  • Sanitization: Absent. The skill does not include steps to sanitize or validate the content of external files before processing.
  • [COMMAND_EXECUTION]: The skill defines several execution patterns for the dino CLI tool to perform model training and deployment tasks.
  • Evidence: references/skill_info.yaml defines commands such as dino train -e {config_path}, dino distill -e {config_path}, and others.
  • Evidence: references/tao-deploy-dino.md provides docker run examples that involve mounting host directories and running containers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — tao-train-dino