tao-train-dino
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Multiple configuration templates hardcode a well-known default encryption key.
- Evidence: The string
encryption_key: "tlt_encode"is present inreferences/spec_template_deploy_evaluate.yaml,references/spec_template_deploy_gen_trt_engine.yaml, andreferences/spec_template_deploy_inference.yaml. - Context: While "tlt_encode" is a standard default for NVIDIA TAO Toolkit examples, its presence in deployment templates can lead to insecure practices if not rotated by the user.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through external data ingestion.
- Ingestion points: Untrusted data enters the agent context via COCO-format datasets and S3 URIs specified in
SKILL.mdandreferences/spec_overrides.md. - Boundary markers: Absent. No instructions exist for the agent to use delimiters or ignore potentially malicious instructions embedded within the datasets.
- Capability inventory: The skill defines several shell command execution patterns for the
dinoCLI inreferences/skill_info.yaml(actions: train, distill, quantize, evaluate, export, inference, gen_trt_engine). - Sanitization: Absent. The skill does not include steps to sanitize or validate the content of external files before processing.
- [COMMAND_EXECUTION]: The skill defines several execution patterns for the
dinoCLI tool to perform model training and deployment tasks. - Evidence:
references/skill_info.yamldefines commands such asdino train -e {config_path},dino distill -e {config_path}, and others. - Evidence:
references/tao-deploy-dino.mdprovidesdocker runexamples that involve mounting host directories and running containers.
Audit Metadata